Organizations typically define policies to describe (positive or negative) requirements about strategic objectives. Examples are policies relative to the security of information systems in general or to the control of access to an organization’s resources. Often, the form used to specify policies is in terms of general constraints (what and why) to be enforced via the use of rules (how and when). The consistency of the rule system (transforming valid states into valid states) can be compromised and rules can violate some constraints when constraints are updated due to changing requirements. Here, we explore a number of issues related to constraint update, in particular proposing a systematic way to update rules as a consequence of modifications of constraints, by identifying which components of the rule have to be updated. Moreover, we show the construction of sets of rules, directly derived from a positive constraint, to guarantee constraint preservation and constraint enforcement.
Incremental update of constraint-compliant policy rules / Bottoni, Paolo Gaspare; Andrew, Fish; PARISI PRESICCE, Francesco. - In: ELECTRONIC COMMUNICATIONS OF THE EASST. - ISSN 1863-2122. - ELETTRONICO. - 39:(2011).
Incremental update of constraint-compliant policy rules
BOTTONI, Paolo Gaspare;PARISI PRESICCE, Francesco
2011
Abstract
Organizations typically define policies to describe (positive or negative) requirements about strategic objectives. Examples are policies relative to the security of information systems in general or to the control of access to an organization’s resources. Often, the form used to specify policies is in terms of general constraints (what and why) to be enforced via the use of rules (how and when). The consistency of the rule system (transforming valid states into valid states) can be compromised and rules can violate some constraints when constraints are updated due to changing requirements. Here, we explore a number of issues related to constraint update, in particular proposing a systematic way to update rules as a consequence of modifications of constraints, by identifying which components of the rule have to be updated. Moreover, we show the construction of sets of rules, directly derived from a positive constraint, to guarantee constraint preservation and constraint enforcement.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
