DIAMACS Workshop on Usable Privacy and Security Software
Policy Development Software for Security Policies
July 9, 2004
Security policies define rules for access control, authentication, or authorization of entities in a system. With the increase in interest in web-based e-commerce, the amount of business that is transacted online, and the explosion in the amount of services available, the ability to handle security and privacy is a must. Also, as computationally enabled devices (laptops, phones, PDAs, and even household appliances) become more commonplace and short-range wireless connectivity improves, there is an increased need for more automated security in the resulting pervasive environments. Policy-based security is often used in such environments to provide access control to resources from a large number of requesting entities that may be unknown to the former, provide security without necessarily authenticating requesters completely, provide flexibility in specifying security requirements, and give every entity a certain amount of autonomy in making their own security decisions. Also, it makes it possible to modify how different entities act without modifying their internal mechanism. We have put this idea of using policies to handle security and privacy into practice by using security policies expressed in a higher-level policy language to provide a secure infrastructure for mobile devices. We are also making use of policy-based approaches for enhancing the World Wide Web Consortium’s Platform for Privacy Preferences (P3P) privacy architecture.
InProceedings
Downloads: 136 downloads