
3.2 Metapolicies by Kühnhauser

Like Hosmer, Winfried E. Kühnhauser of the German National Research Center for Information Technology (GMD) published three papers on metapolicies in the context of security policies [KüvKO 95, Kühn 95a, Kühn 95b].

Kühnhauser introduces metapolicies as a consequence of the demand for cooperation between policies from different domains. Large and complex computer networks connecting several independent organisations consist of several security domains, each with its own security policies. He follows Hosmer's arguments for metapolicies, focusing on the coordination aspects, and argues that cooperation within such a network requires the relationships between the security policies involved to be defined. This concept is referred to as metapolicies, and [Kühn 95b] defines them as follows:

Metapolicies are policies about policies. They create a framework for the complex coexistence of several security policies containing rules for interfacing, cooperation and conflict resolution.

It is not yet clear which constraints on interfacing and cooperation between policies are ultimately needed, because the way policies communicate with each other is not well understood at present.

With regard to conflicts and coordination between policies, metapolicies are used as rules that intervene in the policies of different domains. Since metapolicies act on policies, a public interface is required through which they can intervene. Clearly, this interface must be agreed upon in advance by both parties.

To control conflict and cooperation between policies, [KüvKO 95] introduces the concepts of a Conflict Matrix and a Cooperation Matrix.

The elements of the Conflict Matrix are conflict resolution functions: for each pair of policies, a function defining the resolution strategy can be given. One example of a conflict resolution function is a partial order on the two policies. In the case of conflicting access control policies, simple logical AND or OR functions can be used. In principle, other functions are possible as well.


Table 3.4: The Conflict Matrix [KüvKO 95]

          i_1    i_2    i_3    ...    i_n
   i_1           crf    crf    ...    crf
   i_2                  crf    ...    crf
   i_3                         ...    crf
   ...                                crf
   i_n

   (lower-left triangle: not used)

crf: a Conflict Resolution Function or Relation


The Cooperation Matrix is very similar to the Conflict Matrix. The only difference is that its elements are causal precedence functions. With their help, a decision can be made as to whether one policy must be enforced before another.
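To make the two matrices concrete, the following is an added example (not code from Kühnhauser's papers or from this thesis) that models domain policies as Boolean functions of a request, stores one conflict resolution function per policy pair in the upper triangle of a Conflict Matrix, and derives an enforcement order from the causal precedence entries of a Cooperation Matrix. The policy names A, B and C, their rules and the request tuple are constructed for illustration.

```python
from typing import Callable, Dict, List, Set, Tuple

Request = Tuple[str, str, str]        # (subject, object, action)
Policy = Callable[[Request], bool]    # True: the domain policy permits
Crf = Callable[[bool, bool], bool]    # conflict resolution function (crf)

# Example crf entries: logical AND for access control policies, and a
# partial order in which the first policy of the pair dominates the second.
def crf_and(a: bool, b: bool) -> bool: return a and b
def crf_first_dominates(a: bool, b: bool) -> bool: return a

class Metapolicy:
    def __init__(self, policies: Dict[str, Policy]):
        self.names = list(policies)                        # i_1 ... i_n
        self.policies = policies
        self.conflict: Dict[Tuple[str, str], Crf] = {}     # upper triangle
        self.before: Dict[str, Set[str]] = {n: set() for n in self.names}
    def set_crf(self, p: str, q: str, crf: Crf) -> None:
        # Conflict Matrix entry for the pair (p, q); the diagonal is not used.
        i, j = self.names.index(p), self.names.index(q)
        if i == j: raise ValueError("diagonal of the Conflict Matrix is not used")
        if i > j:  # mirror into the upper triangle, preserving argument order
            p, q, crf = q, p, (lambda a, b, f=crf: f(b, a))
        self.conflict[(p, q)] = crf
    def set_precedence(self, first: str, later: str) -> None:
        # Cooperation Matrix entry: 'first' must be enforced before 'later'.
        self.before[later].add(first)
    def enforcement_order(self) -> List[str]:
        # Order implied by causal precedence; a cycle is a metapolicy error.
        order: List[str] = []
        while len(order) < len(self.names):
            ready = [n for n in self.names
                     if n not in order and self.before[n] <= set(order)]
            if not ready: raise ValueError("cyclic causal precedence")
            order.extend(ready)
        return order
    def decide(self, p: str, q: str, req: Request) -> bool:
        # Resolve the two domain verdicts with the crf stored for the pair.
        if self.names.index(p) > self.names.index(q):
            p, q = q, p
        return self.conflict[(p, q)](self.policies[p](req), self.policies[q](req))

# Constructed domains: A permits reads only, B permits its own staff only,
# C is an export control enforced before A whose verdict dominates A's.
def policy_a(req: Request) -> bool: return req[2] == "read"
def policy_b(req: Request) -> bool: return req[0].endswith("@b.example")
def policy_c(req: Request) -> bool: return req[1] != "secret"

mp = Metapolicy({"A": policy_a, "B": policy_b, "C": policy_c})
mp.set_crf("A", "B", crf_and)              # both domains must agree
mp.set_crf("C", "A", crf_first_dominates)  # stored mirrored as entry (A, C)
mp.set_precedence("C", "A")
```

Because only the upper triangle is stored, the crf for (C, A) is recorded under (A, C) with its arguments swapped, so C's verdict still dominates regardless of the order in which the pair is queried.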

It is characteristic of metapolicies that they may be treated like any other ordinary security policy, apart from the fact that the objects within their domain are security policies instead of application system objects.


Copyright Munich Network Management Team