Download - Academy Publisher
Figure 6. The Flask architecture<br />
B. Evaluation criteria<br />
Because policies are diverse, a policy framework<br />
should support the characteristics of different policies:<br />
the more features it supports, the more policies it can support.<br />
Michael Carney and Brian Loe have proposed five<br />
evaluation criteria for policy switching mechanisms, which we<br />
quote as follows:<br />
1) Policy Flexibility: because current policy<br />
description languages are not uniform, a good policy<br />
framework should be able to support multiple policy<br />
languages, so as not to limit its application in large-scale<br />
systems.<br />
2) Function Flexibility: the policy framework itself should<br />
be configurable, and when it needs other features, they can<br />
be added dynamically.<br />
3) Safety: the security of a policy framework means that<br />
policies are correctly stored and implemented, and<br />
will not be tampered with.<br />
4) Reliability: the policy framework should take into<br />
account changes in the operating conditions of different policies;<br />
the framework itself should be able to adapt to such<br />
changes, rather than stop running and wait for<br />
administrators to manage it manually.<br />
5) Efficiency: especially for smaller granularities of<br />
time, the framework must focus on the efficiency of policy enforcement;<br />
if a policy is not configured or implemented, the time has<br />
passed.<br />
C. Comparison of Policy Frameworks<br />
We compare the three frameworks described above<br />
according to the evaluation criteria. We<br />
compare them mainly on the following three aspects:<br />
support for policy flexibility, function flexibility,<br />
efficiency, and reliability.<br />
The Ponder policy deployment model is the best model for<br />
policy flexibility, but it is unable to adapt to environmental<br />
change. The FAM framework cannot support function<br />
flexibility and is unable to adapt to environmental change,<br />
because the access policy is executed by a hard-coded<br />
language, but its efficiency and policy flexibility are good.<br />
The Flask framework is very good at supporting function<br />
flexibility and is better at efficiency, but it cannot support<br />
DAC and is unable to adapt to environmental change.<br />
Ⅵ. CONCLUSION<br />
Policy-based management is one of the latest developments,<br />
and has achieved some success. From the point of view of<br />
practical application, however, this is not enough.<br />
The problems at this stage include the following aspects:<br />
1) Lack of standards<br />
2) Lack of a good policy management framework<br />
3) Lack of policy conflict detection and policy<br />
elimination techniques<br />
4) Lack of a unified policy description language<br />
Overall, the study of policy should currently focus on<br />
the description of policy specifications, policy<br />
framework development, as well as some key<br />
technologies. Only in this way can policy be<br />
applied more widely.<br />