Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security policy specification templates for critical infrastructure services in the cloud

: Rudolph, Manuel; Schwarz, Reinhard; Jung, Christian


IEEE Computer Society; Institute of Electrical and Electronics Engineers -IEEE-:
9th International Conference for Internet Technology and Secured Transactions, ICITST 2014. Proceedings : 8-10 December 2014, London
Piscataway, NJ: IEEE, 2014
ISBN: 978-1-908320-39-1
International Conference for Internet Technology and Secured Transactions (ICITST) <9, 2014, London>
Conference Paper
Fraunhofer IESE ()
security policy; security policy elicitation; security policy specification; security policy template

Security policies are an established way for specifying security demands. However, stakeholders are hardly capable of specifying complex machine-readable security policies. Therefore, a user-friendly specification method is necessary, such as refineable natural-language security policy templates. This paper describes how a security expert can elicit security demands from various stakeholders and generalize them as security policy templates. By simply instantiating these templates, policy authors can easily specify their security demands. An examplary application in the context of cloud computing for critical infrastructure IT services is shown.