HiPoLDS: A Security Policy Language for Distributed Systems

In the context of the CESSA project, we had a paper recently presented at WISTP 2012: HiPoLDS: A Security Policy Language for Distributed Systems by Matteo Dell’Amico, Gabriel Serme, Muhammad Sabir Idrees, Anderson Santana de Oliveira and Yves Roudier. The abstract is as follows:

Expressing security policies to govern distributed systems is a complex and error-prone task. Policies are hard to understand and often expressed with unfriendly syntax, making it difficult for security administrators and business analysts to create intelligible specifications. We introduce the Hierarchical Policy Language for Distributed Systems (HiPoLDS). HiPoLDS has been designed to enable the specification of security policies in distributed systems in a concise, readable, and extensible way. HiPoLDS’s design focuses on decentralized execution environments under the control of multiple stakeholders. Policy enforcement employs distributed reference monitors that control the flow of information between services. HiPoLDS allows the definition of both abstract and concrete policies, expressing respectively the high-level properties required and the concrete implementation details to be ultimately introduced into the service implementation.

Recent papers

I have participated in two papers that were presented at SecRet 2008:

  • Claude Kirchner, Hélène Kirchner and Anderson Santana de Oliveira – Analysis of Rewrite-Based Access Control Policies

    The rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author in the correct behavior of the policy. The analysis we provide is founded on the narrowing process, which provides both the necessary abstraction for simulating executions of the policy over access requests and the mechanism for solving what-if queries from the security administrator. We illustrate this general approach by the analysis of a firewall system policy.

  • Horatiu Cirstea, Pierre-Etienne Moreau and Anderson Santana de Oliveira – Rewrite Based Specification of Access Control Policies

    Data protection within information systems is one of the main concerns in computer systems security, and different access control policies can be used to specify the access requests that should be granted or denied. These access control mechanisms should guarantee that information can be accessed only by authorized users and thus prevent all information leakage. We propose a methodology for specifying and implementing access control policies using the rewrite-based framework Tom. This approach allows us to check that any reachable state obtained following an access granted in the implementation satisfies the policy specification. We show that when security levels are not totally ordered, some information leakage can be detected.