Security level evaluation: policy and fuzzy techniques

Security level evaluation: policy and fuzzy techniques

In a world made of interconnected systems that manage huge amount of confidential and shared data, security plays a significant role. Policies are the means by which security rules are defined and enforced. The ability of evaluating policies is becoming more and more relevant, especially when referr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Casola, V., Rak, M., Preziosi, R., Troiano, L.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Applied sciences
Computer science
control theory
systems
Data engineering
Data security
Digital signatures
Exact sciences and technology
Information security
Interconnected systems
Law
Legal factors
Public key
Standards organizations
Uncertainty
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In a world made of interconnected systems that manage huge amount of confidential and shared data, security plays a significant role. Policies are the means by which security rules are defined and enforced. The ability of evaluating policies is becoming more and more relevant, especially when referred to cooperation of services belonging to untrusted domains. Here we have focused our attention on public key infrastructures (PKIs); at the state of the art security policies evaluation is expressed by means of security levels. However, policy evaluation must face uncertainty deriving from different perspectives, verbal judgments and lack of information. Fuzzy techniques and uncertainty reasoning can provide a meaningful way of dealing with these issues. We illustrate a fuzzy technique to evaluate the security level for a given policy against a set of reference policy levels.
DOI:10.1109/ITCC.2004.1286747