Policy-based security management for enterprise systems

Abstract

With the increasing growth in global enterprises and collaborations among the enterprises, security and trust have become essential for information systems. For example, within an enterprise, there may be a need to maintain security within each project group so the information sharing among the groups is controlled. Similarly, there may be a need to facilitate controlled and timed sharing of data among cooperating enterprises (e.g., coalitions). In this paper, we propose a policy-based security mechanism for such sharing in an enterprise. In particular, in our system, each user (or administrator) specifies restrictions on the use of resources at a particular node (or machine) in terms of a set of policy statements (NRPS and NTPS). Similarly, the owner of each object specifies the conditions on which certain operations can be performed on the object (ORPS and OTPS). Trusted policy enforcement agents (PEA), running at each node in the enterprise (or coalition), ensure that both node and object policies are enforced in the system. We show how the proposed system facilitates dynamic control at object-level and machine-level. © 2004 Springer Science + Business Media, Inc.