Semantic Matching of Security Policies to Support Security Experts

TL;DR

This paper presents an ontology-based approach for aligning and managing security policies across diverse frameworks and languages, aiming to simplify conflict detection and resolution for security experts in complex environments.

Contribution

It introduces a novel ontology-driven process for security policy alignment that automates conflict detection and supports security experts in managing policies across multiple domains.

Findings

Effective conflict detection in security policies

Automated support for security policy management

Reduction in management complexity and time

Abstract

Management of security policies has become increasingly difficult given the number of domains to manage, taken into consideration their extent and their complexity. Security experts has to deal with a variety of frameworks and specification languages used in different domains that may belong to any Cloud Computing or Distributed Systems. This wealth of frameworks and languages make the management task and the interpretation of the security policies so difficult. Each approach provides its own conflict management method or tool, the security expert will be forced to manage all these tools, which makes the field maintenance and time consuming expensive. In order to hide this complexity and to facilitate some security experts tasks and automate the others, we propose a security policies aligning based on ontologies process; this process enables to detect and resolve security policies conflicts and to support security experts in managing tasks.