IDE for Rei Policy Language
May 1, 2003 - May 1, 2005
Security policies define rules for access control, authentication, or authorization of entities in a system. With the increase in interest in web based e-commerce, the amount of business that is transacted on-line and the explosion in the amount of services available, the ability to handle security and privacy is a must. Also, as computationally enabled devices (laptops, phones, PDAs, and even household appliances) become more commonplace and short range wireless connectivity improves; there is an increased need for more automated security in the resulting pervasive environments. Policy-based security is often used in such environments to provide access control to resources from a large number of requesting entities that may be unknown to the former, provide security without necessarily authenticating requesters completely, provide flexibility in specifying security requirements and give every entity a certain amount of autonomy in making their own security decisions. Also, policies make it possible to modify how different entities act without modifying their internal mechanism.
This growing importance of policy-based security underlines the need for usable interface for creating policies and providing support for policy verification, policy validation and policy engineering. Motivated by this need, we are developing an Integrated Development Environment (IDE) for security policies by extending the plug-in architecture of IBM�s Eclipse Platform. The policies are specified in Rei, a policy language with general specifications for policies as well as mechanisms for policy verification. It includes few constructs based on deontic logic that allow security policies to be described in terms of rights, obligations, dispensations, and prohibitions. It has a semantic interface for describing policies in semantic languages. The use of a semantic language enhances their interoperability and extensibility. Associated with the language is a policy engine that can be used within the application domain to interpret and reason over policies, help resolve in case of conflicts between policies, answer queries related to policy making and aid security and privacy governance by means of policy enforcement.