|
PolicyMorph is a constraint system that supports human-guided interactive development and maintenance of access control policies that respect both formalized and un-formalized business rules and priorities. This project provides a mathematical description of the system, a prototype architecture and implementation, and a case study on a simulated building automation system.
People Publications Downloads Detailed Description PolicyMorph helps administrators interactively assess attribute-based access control policies with respect to logical constraints. PolicyMorph reports constraint violations and also formulates suggestions on how to address common types of violations. It then prioritizes those suggestions, presents them, and allows the administrator to evaluate the effect of each suggestion and implement the suggestion that produces the most desirable outcome. In particular, PolicyMorph allows the administrator to evaluate the desirability of each option, without forcing him to encode all relevant constraints in a formal language. This provides a middle ground between a fully automatic system that places on the administrator a high burden of formalization and a largely manual system that provides little help in discovering and resolving specific violations.  PolicyMorph is written in the Prolog, using the SWI-Prolog interpreter. Using the SWI-Prolog's Java API, PolicyMorph is integrated with the Janus's Map building simulator and Jabber instant messaging systems. This allows for performing context-aware case studies on a simulated building automation system.
This page is maintained by Omid Fatemieh.
|
|
Last Updated ( Wednesday, 26 March 2008 )
|
|
|
© 2008 Illinois Security Laboratory
|
