SYSTEMATIC POLICY ANALYSIS AND MANAGEMENT
1 online resource (108 pages) : PDF
University of North Carolina at Charlotte
Determining whether a given policy meets a site's high-level security goals has been a challenging task, due to the low-level nature and complexity of the policy language, various security requirements and the multiple policy violation patterns. In this dissertation, we outline a systematic policy analysis and management approach that enables system administrators to easily identify and resolve various policy violations. Our approach incorporates a domain-based isolation model to address the security requirements and visualization mechanisms to provide the policy administrator with intuitive cognitive sense about the policy analysis and policy violations. Based on the domain based isolation modeland the policy visualization mechanisms, we develop a visualization-based policy analysis and management framework. We also describe our implementation of a visualizationbasedpolicy analysis and management tool that provides the functionalities discussed in our framework. In addition, a user study is performed and the result is included as part of our evaluation efforts for the prototype system.One important application of our policy analysis and management is to support remote attestation. Remote attestation is an important mechanism to provide the trustworthiness proof of a computing system by verifying its integrity. In our work, we propose a remoteattestation framework, called Dynamic Remote Attestation Framework and Tactics (DR@FT), for efficiently attesting a target system based on our extended visualizationbased policy analysis and management approach. In addition, we adopt the proposedvisualization-based policy violation expression to represent integrity violations with a ranked violation graph, which supports intuitive reasoning of attestation results. We also describe our experiments and performance evaluation.
Ahn, Gail-JoonShehab, Mohamed
Ahn, Gail-JoonShehab, MohamedSaydam, CemWarren, Kimberly
Thesis (Ph.D.)--University of North Carolina at Charlotte, 2010.
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Copyright is held by the author unless otherwise indicated.