A Declarative Approach for Easy Specification and Automated Enforcement of Security Policy
Source: Universite Bordeaux 1
A security policy is a critical component of the overall security architecture and an essential basis on which an effective and comprehensive security program can be developed. Despite this necessity and criticality, little progress has been made in improving tools for the specification and enforcement of security policy. Too often, existing approaches have been restrictive in many ways. This paper presents a declarative approach based on domain-specific languages to overcome these problems. It defines a language, named PPL (Policy Programming Language), dedicated to systematically specifying and automatically enforcing security. Unlike a general-purpose language, PPL offers high-level, declarative constructs; it allows a specification to be checked for consistency, reduces human error, simplifies policy analysis, and reduces policy conflicts.