PaaSword Security Policy Models

The PaaSword framework aims to assist developers in defining appropriate security policies that give rise to effective security controls, enforceable at application bootstrapping or execution time. Three main types of security policy are considered:

  • Data encryption policies. These determine the strength of the cryptographic protection that each sensitive object enjoys for confidentiality reasons.
  • Data fragmentation and distribution policies. These determine the manner in which sensitive data objects must be fragmented and distributed to different physical servers for privacy reasons.
  • Access control policies. These determine when to grant, or deny, access to sensitive data on the basis of dynamically-evolving contextual attributes associated with the entity requesting the access.

To aid application developers in defining effective security policies for any kind of sensitive data, the PaaSword framework offers, for each of the aforementioned policy types, an underlying declarative Policy Model that decouples the definition of a policy from the code employed to enforce it. This separation offers the following key advantages:

  • It forms an adequate basis for reasoning about the well-formedness of the security policies with respect to a set of relevant constraints that are set each time by the organisation adopting the PaaSword framework. These constraints restrict those attributes that must (or must not) appear in a policy, as well as the actual values that these attributes may (or may not) assume.
  • It enables generic reasoning about the validity of the security policies on the basis of their potential interrelations (e.g. contradicting policies, subsuming policies, etc.).
  • It paves the way for generic, rule-based policy governance, where the governance rules are set by the organisation adopting the PaaSword framework.

The Policy Model is described abstractly by the XACML-inspired ontological model depicted in Figure 1, which distinguishes, for all of the aforementioned policy types, three structural elements: Rules, Policies and Policy Sets. For each particular policy type a corresponding model is derived by reifying the Rule concept with an appropriate ontological template that captures all the attributes involved in the definition of a policy of that type. For example, Figure 2 depicts the ontological template for access control policies; analogous templates are provided for the other two policy types. Note that the concepts participating in each ontological template are drawn from the Context-aware Security Model.

Figure 1. Ontological Meta-Model

Figure 2. Access Control Policy Model
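The following is an added illustration, not PaaSword's own code, of the two kinds of reasoning the text describes for the XACML-inspired Rule/Policy structure: checking a policy's well-formedness against organisation-set constraints (required and forbidden attributes, allowed values) and detecting contradicting or subsuming rules. The constraint set, the attribute names, the sample policy and the deny-overrides combination are all constructed assumptions for the example.

```python
from collections import namedtuple

# A Rule's target maps contextual attributes to the values required for the rule to apply.
Rule = namedtuple("Rule", "name target effect")     # effect: "Permit" or "Deny"
Policy = namedtuple("Policy", "name rules")         # rules are combined with deny-overrides

# Constructed constraints an organisation might set: attributes that must / must not appear
# in a rule's target, and the values each constrained attribute may assume.
CONSTRAINTS = {"required": {"role"}, "forbidden": {"password"},
               "allowed_values": {"role": {"doctor", "nurse"}, "location": {"hospital", "remote"}}}

def well_formedness_errors(policy, constraints=CONSTRAINTS):
    """Return one message per constraint violated by the policy's rules (empty if well-formed)."""
    errors = []
    for rule in policy.rules:
        attrs = set(rule.target)
        errors += [f"{rule.name}: missing required attribute '{a}'" for a in constraints["required"] - attrs]
        errors += [f"{rule.name}: forbidden attribute '{a}'" for a in attrs & constraints["forbidden"]]
        for a, v in rule.target.items():
            allowed = constraints["allowed_values"].get(a)
            if allowed is not None and v not in allowed:
                errors.append(f"{rule.name}: value '{v}' not allowed for '{a}'")
    return errors

def subsumes(general, specific):
    """True when every condition of `general` also holds in `specific`'s target."""
    return all(specific.target.get(a) == v for a, v in general.target.items())

def contradictions(policy):
    """Pairs of rules where one target subsumes the other but the effects differ."""
    pairs = []
    for i, a in enumerate(policy.rules):
        for b in policy.rules[i + 1:]:
            if a.effect != b.effect and (subsumes(a, b) or subsumes(b, a)):
                pairs.append((a.name, b.name))
    return pairs

def evaluate(policy, context):
    """Deny-overrides combination of the rules whose target matches the request context."""
    effects = [r.effect for r in policy.rules
               if all(context.get(a) == v for a, v in r.target.items())]
    if not effects:
        return "NotApplicable"
    return "Deny" if "Deny" in effects else "Permit"

# Constructed sample access control policy for a patient-record object.
RECORDS_POLICY = Policy("patient-records", [
    Rule("doctor-on-site", {"role": "doctor", "location": "hospital"}, "Permit"),
    Rule("doctor-anywhere", {"role": "doctor"}, "Deny"),          # contradicts doctor-on-site
    Rule("nurse-remote", {"role": "nurse", "location": "remote"}, "Deny"),
])
```

Running `contradictions(RECORDS_POLICY)` flags the doctor pair, and `evaluate` shows how the combining algorithm resolves it at request time (a doctor on site is denied under deny-overrides), which is exactly the kind of interrelation the governance rules are meant to catch before deployment.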