Next: 3.1.3 Properties of Metapolicies
Up: 3.1 Metapolicies by Hosmer
Previous: 3.1.1 Explicit Information
  Contents
In a system with multiple policies, there are relationships between
these policies. Metapolicies are therefore specified to control
concerns such as conflict resolution and execution precedence. They may
also make implicit information explicit but, going beyond the
metapolicies described before, they focus on more than one
policy. Hosmer itemises them into the following separate metapolicies:
- Policy Relationship Metapolicy
- A relationship between policies is described by a metapolicy which
specifies the policies and the concerns involved in the
relationship. Table 3.3 shows an example of a Policy
Relationship Metapolicy. As can be seen from the example, it is
specified whether the relationship is hierarchical or collegial. It
describes the sequence of execution, the precedence in case of a
conflict, the importance of the relationship to the security of the
system, the creator of the relationship, and the person authorised to
change it. Many other items could be included.
Table 3.3: Policy Relationship Description Metapolicy [Hosm 92]

| Policy Relationship Metapolicy | Policy 1 | Policy 2 |
|---|---|---|
| Policy Names | MAC | DAC |
| Relationship (Parent/Child/Colleague) | Collg | Collg |
| Execute (With/Before/After/Not) | Before | After |
| Precedence Level in this relationship | 100 | 50 |
| Criticality of relationship | 80 | |
| Creator of relationship | X. Jones | |
| Authorized Modifiers of relationship | Sec. DOD & SSO | |
| ... | | |
- Subpolicy Interaction Metapolicy
- Policies operate in concert with many subpolicies. The
relationships to the subpolicies are made explicit with the Subpolicy
Interaction Metapolicy. An example of such relationships is depicted
in the figure. As can be seen in this figure, the
Access_Control policy interacts with policies named
MAC and DAC. Since this metapolicy describes subpolicy
interactions between separate policies, these could also be specified
with the Policy Relationship Metapolicy.
Figure: Hierarchical Subpolicy Structure [Hosm 92]
- Site-Specific Metapolicy
- The Site-Specific Metapolicies are used to specify policies which
control administrative or domain-wide policies for a particular user
site.
- Multipolicy Coordination Metapolicy
- This metapolicy coordinates the multiple security policies which are
present in a system at the same time. The user's priorities and
tradeoffs will be considered. This may be a complex metapolicy with
many levels, domains and implementation forms.
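The Policy Relationship Metapolicy of Table 3.3 can be read as a record that an enforcement point consults for the execution sequence, the conflict winner and the right to change the relationship. The following is an added example, not code from Hosmer or from this text; it assumes that the higher precedence level wins a conflict and that "Sec. DOD & SSO" names two principals, and the evaluators and requests are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:                      # one policy column of Table 3.3
    policy: str
    relationship: str              # Parent / Child / Colleague
    execute: str                   # With / Before / After / Not
    precedence: int                # assumption: higher level wins a conflict

@dataclass(frozen=True)
class RelationshipMetapolicy:
    members: tuple
    criticality: int
    creator: str
    authorized_modifiers: frozenset

    def execution_order(self):
        """Members in the specified sequence; 'Not' members are skipped."""
        rank = {"Before": 0, "With": 1, "After": 2}
        active = [m for m in self.members if m.execute != "Not"]
        return sorted(active, key=lambda m: rank[m.execute])

    def decide(self, evaluators, request):
        """Evaluate in sequence; a conflict goes to the highest precedence."""
        results = [(m, evaluators[m.policy](request)) for m in self.execution_order()]
        if not results:
            return False, []       # assumption: deny when no policy runs
        winner = max(results, key=lambda r: r[0].precedence)
        return winner[1], [(m.policy, ok) for m, ok in results]

    def may_modify(self, principal):
        return principal in self.authorized_modifiers

# Constructed toy evaluators standing in for real MAC and DAC engines.
LEVELS = {"unclassified": 0, "secret": 1}
def mac(req):                      # no read-up: clearance must dominate label
    return LEVELS[req["clearance"]] >= LEVELS[req["label"]]
def dac(req):                      # owner-managed access control list
    return req["subject"] in req["acl"]
EVALUATORS = {"MAC": mac, "DAC": dac}

# Values from Table 3.3; reading "Sec. DOD & SSO" as two principals is an assumption.
TABLE_3_3 = RelationshipMetapolicy(
    members=(Member("DAC", "Colleague", "After", 50),
             Member("MAC", "Colleague", "Before", 100)),
    criticality=80, creator="X. Jones",
    authorized_modifiers=frozenset({"Sec. DOD", "SSO"}))

if __name__ == "__main__":
    req = {"subject": "alice", "clearance": "unclassified", "label": "secret", "acl": {"alice"}}
    print(TABLE_3_3.decide(EVALUATORS, req))   # DAC permits, MAC denies
```

Under this reading of the precedence level, a MAC permit also overrides a DAC denial; a site that requires both policies to agree would need a different combination rule in the metapolicy.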
Copyright Munich Network Management Team