Integrating Advanced Security Certification and Policy Management

Michele Bezzi, Ernesto Damiani, Stefano Paraboschi, Henrik Plate

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Recent models of software provisioning based on cloud architectures co-exist and interact with in-premises large and heterogeneous software ecosystems. In this increasingly complex landscape, organizations and users are striving to deal with assurance in all phases of the software life cycle: acquisition, installation, use and maintenance. In this paper, we start by describing the notion of machine-readable security certificates, and discuss how they can be used for assurance-based software selection. Then, we introduce some models and tools for administrators for the automatic management of security policies, which include policy conflict detection. Finally, we discuss how these two approaches can be integrated for supporting organizations to (semi-)automatically address the security requirements throughout the entire software life cycle.

Original language: British English
Title of host publication: Cyber Security and Privacy - Trust in the Digital World and Cyber Security and Privacy EU Forum 2013, Revised Selected Papers
Publisher: Springer Verlag
Pages: 55-66
Number of pages: 12
ISBN (Print): 9783642412042
State: Published - 2013
Event: Trust in the Digital World and Cyber Security and Privacy EU Forum, CSP EU Forum 2013 - Brussels, Belgium
Duration: 18 Apr 2013 - 19 Apr 2013

Publication series

Name: Communications in Computer and Information Science
Volume: 182 CCIS
ISSN (Print): 1865-0929

Conference

Conference: Trust in the Digital World and Cyber Security and Privacy EU Forum, CSP EU Forum 2013
Country/Territory: Belgium
City: Brussels
Period: 18/04/13 - 19/04/13

Keywords

  • Security certification
  • Security policy management
  • Service assurance
