Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security policy specification templates for critical infrastructure services in the cloud

: Rudolph, Manuel; Schwarz, Reinhard; Jung, Christian

Kaiserslautern: Fraunhofer IESE, 2014, 6 pp.
IESE-Report, 062.14/E
Fraunhofer IESE ()
security policy; security policy specification; security policy template; security policy elicitation

Security policies are an established way for specifying security demands. However, stakeholders are hardly capable of specifying complex machine-readable security policies. Therefore, a user-friendly specification method is necessary, such as refineable natural-language security policy templates. This paper describes how a security expert can elicit security demands from various stakeholders and generalize them as security policy templates. By simply instantiating these templates, policy authors can easily specify their security demands. An examplary application in the context of cloud computing for critical infrastructure IT services is shown.