dc.contributor.author: Solhaug, Bjørnar [eng]
dc.date.accessioned: 2010-01-12T08:12:09Z
dc.date.available: 2010-01-12T08:12:09Z
dc.date.issued: 2009-10-23 [eng]
dc.identifier.isbn: 978-82-308-0890-0 (print version)
dc.identifier.uri: https://hdl.handle.net/1956/3723
dc.description.abstract: With the ever increasing importance of computer networks such as the Internet, and the today almost ubiquitous online services, the needs for the management of these networks and services, as well as the management of the associated security, risk and trust are growing correspondingly. Policy based management of information systems has the last decade emerged as an adaptive and flexible approach to this challenge. Policies are rules governing the choices in the behavior of systems, the enforcement of which ensures that the system meets the relevant requirements. This thesis addresses the problem of capturing, specifying and developing policies. We propose a language suitable for the specification of policies across domains, at various abstraction levels, and that facilitates human interpretation. At the same time the language is underpinned by a formal semantics, allowing precise and rigorous analysis. Abstraction allows details about system functionality and architecture to be ignored, thus facilitating analysis and supporting understanding, which is beneficial and useful particularly during the initial phases of policy development. From the initial, abstract levels, a policy specification is typically further developed by adding details, making it more concrete and closer to implementation and enforcement. This thesis proposes a notion of policy refinement that relates policy specifications of different abstraction levels, precisely defining what it means that a low-level, concrete policy specification is a correct representation of a high-level, abstract specification. Refinement allows policy specifications to be developed in a stepwise and incremental manner, and ensures that the enforcement of the final, concrete specification implies the enforcement of the previous, more abstract specifications. The applicability of the approach is demonstrated within the domain of policy based trust management. The thesis proposes a method for the development of trust management policies that facilitates the modeling and analysis of trust within systems, and the evaluation of the risks and opportunities to which the system is exposed as a consequence of trust-based decisions. The method is supported by designated languages for the appropriate modeling and analyses, and aims at the capturing and formalization of policies the enforcement of which optimizes the trust-based decisions by minimizing risks and maximizing opportunities. [en_US]
dc.language.iso: eng [eng]
dc.publisher: The University of Bergen [eng]
dc.relation.haspart: Paper 1: Solhaug, B.; Elgesem, D.; Stolen, K., 2007, Why trust is not proportional to risk, pp. 11-18. In: Second International Conference on Availability, Reliability and Security (ARES'07). Copyright 2007 IEEE. Reproduced with permission. Published version. The published version is also available at: http://dx.doi.org/10.1109/ARES.2007.161 [eng]
dc.relation.haspart: Paper 2: Solhaug, B.; Elgesem, D.; Stolen, K., Specifying policies using UML sequence diagrams – An evaluation based on a case study, 34 p. SINTEF A1230. Trondheim : SINTEF ICT, 2009. Reproduced with permission. Published version. [eng]
dc.relation.haspart: Paper 3: Telektronikk 105(1), Solhaug, B.; Johannessen, T. H., Specification of policies using UML sequence diagrams, pp. 90-97. Copyright 2009 Telenor ASA. Reproduced with permission. Published version. [eng]
dc.relation.haspart: Paper 4: Solhaug, B.; Stolen, K., Compositional refinement of policies in UML – Exemplified for access control, 33 p. SINTEF A11359. Trondheim : SINTEF ICT, 2009. Reproduced with permission. Published version. [eng]
dc.relation.haspart: Paper 5: Software and Systems Modeling 2009 8(1), Seehusen, F.; Solhaug, B.; Stolen, K., Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies, pp. 45–65. Copyright 2008 Springer-Verlag. Full text not available in BORA due to publisher restrictions. The published version is available at: http://dx.doi.org/10.1007/s10270-008-0102-3 [eng]
dc.relation.haspart: Paper 6: Solhaug, B.; Stolen, K., Preservation of policy adherence under refinement, 57 p. SINTEF A11358. Trondheim : SINTEF ICT, 2009. Reproduced with permission. Published version. [eng]
dc.relation.haspart: Paper 7: Refsdal, A.; Solhaug, B.; Stolen, K., A UML-based method for the development of policies to support trust management, pp. 33-49. In: Karabulut, Y.; Mitchell, J.; Herrmann, P.; Jensen, C. D., Trust Management II. Proceedings of IFIPTM 2008: Joint iTrust and PST Conferences on Privacy, Trust Management and Security, June 18-20, 2008, Trondheim, Norway. IFIP 263. Copyright 2008 by International Federation for Information Processing. Published by Springer Science+Business Media. Full text not available in BORA due to publisher restrictions. The published version is available at: http://dx.doi.org/10.1007/978-0-387-09428-1_3 [eng]
dc.title: Policy Specification Using Sequence Diagrams. Applied to Trust Management [eng]
dc.type: Doctoral thesis [en_US]
dc.rights.holder: Bjørnar Solhaug [en_US]
dc.subject.nsi: VDP::Matematikk og Naturvitenskap: 400::Informasjons- og kommunikasjonsvitenskap: 420::Sikkerhet og sårbarhet: 424 [nob]