Overview of the POLITESS Project - ANR-05-RNRT-01301

The POLITESS project investigated methods to ensure that security policies for distributed information systems are implemented correctly, with a focus on systems such as those built over web services. Several directions were developed and solutions were proposed for a range of policy-related validation issues. All approaches are based on modelling the policy in a formal notation.

WP1. Enriched policy models have been proposed to cover several aspects, including dynamic contexts for access control, reaction to anomalies, and usage control. To link functional and security requirements, a UML/OCL model has also been proposed as a basis for test generation. In addition, test generation directly from security rules expressed in a modal logic (notably Nomad) has been developed.

WP2. Regarding policy deployment, POLITESS has addressed the issue of dynamic negotiation of access rights across policy domains. A global solution as well as a prototype have been developed in the framework of Web service policies.

WP3. Conformance testing is a systematic approach to validating that an implementation conforms to its specification. POLITESS proposed a global framework as well as several methods and tools to generate conformance tests for security rules.

Furthermore, POLITESS addressed the testing of generic security properties, such as opacity, which do not require any specification of policy rules, only the identification of internal actions that an external attacker should not be able to infer from what it observes. Finally, a method to identify covert channels has also been proposed.
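To make the opacity property concrete, the following is an added example written for this page; it is not POLITESS code and does not reproduce the project's test-generation method. It models a small service as a labelled transition system, lets the attacker see only the actions in OBSERVABLE, and treats "an action from SECRET has occurred" as the secret. The system is opaque if no observation lets the attacker conclude the secret with certainty. The check builds the attacker's knowledge sets by subset construction over (state, secret_seen) pairs, so it is exact for finite models; the toy model, its state and action names, and the "audit" leak are all constructed for the example.

```python
"""Opacity check for a finite labelled transition system (LTS).

Added example, not project code. An attacker observes only actions in
OBSERVABLE; all other actions are internal. A run is "secret" once an
action from SECRET has fired. The LTS is opaque if every observation
produced by a secret run is also produced by some non-secret run.
"""
from collections import defaultdict, deque

# Constructed toy model of a login service (assumed names, not from the page).
# Only 'request', 'grant' and 'audit' are visible to the attacker;
# 'admin_login' is the secret internal action.
LEAKY_MODEL = [
    ("q0", "request", "q1"),
    ("q1", "admin_login", "q2"),   # secret, internal
    ("q1", "user_login", "q3"),    # non-secret, internal
    ("q2", "grant", "q4"),
    ("q3", "grant", "q4"),
    ("q2", "audit", "q5"),         # only the admin path triggers an audit step
    ("q5", "grant", "q4"),
]
# Hardened variant: ordinary users also pass through an audit step,
# so observing 'audit' no longer singles out the admin path.
FIXED_MODEL = LEAKY_MODEL + [("q3", "audit", "q6"), ("q6", "grant", "q4")]

OBSERVABLE = {"request", "grant", "audit"}
SECRET = {"admin_login"}


def check_opacity(transitions, init, observable, secret):
    """Return the list of observations that reveal the secret ([] = opaque).

    Each observation is the shortest prefix after which every run consistent
    with what the attacker saw has already executed a secret action.
    """
    succ = defaultdict(list)
    for src, act, dst in transitions:
        succ[src].append((act, dst))

    def closure(configs):
        # Saturate under internal (unobservable) actions; the flag records
        # whether a secret action has fired on the way.
        seen, stack = set(configs), list(configs)
        while stack:
            state, flag = stack.pop()
            for act, nxt in succ[state]:
                if act in observable:
                    continue
                cfg = (nxt, flag or act in secret)
                if cfg not in seen:
                    seen.add(cfg)
                    stack.append(cfg)
        return frozenset(seen)

    def step(configs, act):
        # Attacker sees `act`: move every consistent configuration along it.
        out = set()
        for state, flag in configs:
            for a, nxt in succ[state]:
                if a == act:
                    out.add((nxt, flag or a in secret))
        return closure(out)

    start = closure({(init, False)})
    queue, visited, revealing = deque([(start, ())]), {start}, []
    while queue:
        configs, obs = queue.popleft()
        if configs and all(flag for _, flag in configs):
            # Every run consistent with `obs` is secret: the attacker knows.
            revealing.append(obs)
            continue  # flag is monotonic, longer observations stay revealing
        for act in sorted(observable):
            nxt = step(configs, act)
            if nxt and nxt not in visited:
                visited.add(nxt)
                queue.append((nxt, obs + (act,)))
    return revealing


if __name__ == "__main__":
    print("leaky model reveals:", check_opacity(LEAKY_MODEL, "q0", OBSERVABLE, SECRET))
    print("fixed model reveals:", check_opacity(FIXED_MODEL, "q0", OBSERVABLE, SECRET))
    # Alternative fix: make 'audit' an internal action instead.
    print("audit hidden reveals:", check_opacity(LEAKY_MODEL, "q0", OBSERVABLE - {"audit"}, SECRET))
```

The revealing observations double as test inputs: each is a sequence of observable actions an external tester can drive and then check whether the implementation's behaviour differs between the secret and non-secret paths.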

WP4. Another way to check that a policy is enforced is to monitor all observable information exchanges and actions in a system. POLITESS proposed methods to derive monitors from the formal models developed in the project. These monitors can run on-line, or off-line over traces collected from the system. As a further direction, POLITESS also proposed a method, based on the theory of diagnosis, to detect information leaks.
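The following added example shows the shape of such a monitor; it is written for this page, not derived from the project's models or tools, and the rule forms are a simplified stand-in for deontic rules of the Nomad kind mentioned under WP1. It checks two assumed rules over a loan-workflow trace: a prohibition with a history-dependent context (separation of duties: whoever submitted a loan may not approve it) and an obligation with a deadline (a risk check must follow each submission within three events). The same monitor object serves on-line use (one event at a time via feed) and off-line use (a whole trace via run). The event format, rule names and trace are constructed for the example.

```python
"""Trace monitor for prohibition and deadline-obligation rules.

Added example, not project code. Events are dicts; rules are small
predicates over the current event and the history seen so far.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]


@dataclass
class Prohibition:
    """target(e) is forbidden whenever context(history, e) holds."""
    name: str
    target: Callable[[Event], bool]
    context: Callable[[List[Event], Event], bool]


@dataclass
class Obligation:
    """After trigger(e), target(trigger_event, e') must hold for some e'
    among the next `deadline` events."""
    name: str
    trigger: Callable[[Event], bool]
    target: Callable[[Event, Event], bool]
    deadline: int


class Monitor:
    def __init__(self, rules):
        self.rules = rules
        self.history: List[Event] = []
        self.pending: List[Tuple[Obligation, int, int, Event]] = []  # (rule, left, trig_idx, trig_event)
        self.violations: List[Tuple[int, str]] = []  # (event index, rule name)

    def feed(self, event: Event) -> List[Tuple[int, str]]:
        """On-line use: consume one event, return violations it produced."""
        idx, new = len(self.history), []
        for rule in self.rules:
            if isinstance(rule, Prohibition) and rule.target(event) \
                    and rule.context(self.history, event):
                new.append((idx, rule.name))
        still = []
        for rule, left, trig_idx, trig in self.pending:
            if rule.target(trig, event):
                continue  # obligation discharged
            left -= 1
            if left == 0:
                new.append((trig_idx, rule.name))  # deadline passed
            else:
                still.append((rule, left, trig_idx, trig))
        self.pending = still
        for rule in self.rules:
            if isinstance(rule, Obligation) and rule.trigger(event):
                self.pending.append((rule, rule.deadline, idx, event))
        self.history.append(event)
        self.violations.extend(new)
        return new

    def finish(self) -> List[Tuple[int, str]]:
        """End of trace: obligations still pending can no longer be met."""
        for rule, _, trig_idx, _ in self.pending:
            self.violations.append((trig_idx, rule.name + " (unmet at end of trace)"))
        self.pending = []
        return self.violations

    def run(self, trace) -> List[Tuple[int, str]]:
        """Off-line use: replay a collected trace and return all violations."""
        for event in trace:
            self.feed(event)
        return self.finish()


# Assumed rules for a loan origination workflow (not the project's rules).
RULES = [
    Prohibition(
        name="SoD: submitter may not approve own loan",
        target=lambda e: e["action"] == "approve_loan",
        context=lambda hist, e: any(h["action"] == "submit_loan" and h["loan"] == e["loan"]
                                    and h["user"] == e["user"] for h in hist),
    ),
    Obligation(
        name="risk_check within 3 events of submit_loan",
        trigger=lambda e: e["action"] == "submit_loan",
        target=lambda trig, e: e["action"] == "risk_check" and e["loan"] == trig["loan"],
        deadline=3,
    ),
]

# Constructed trace: L1 is handled correctly, L2 breaks both rules.
TRACE = [
    {"action": "submit_loan", "user": "alice", "loan": "L1"},
    {"action": "risk_check", "user": "bob", "loan": "L1"},
    {"action": "approve_loan", "user": "carol", "loan": "L1"},
    {"action": "submit_loan", "user": "dave", "loan": "L2"},
    {"action": "approve_loan", "user": "dave", "loan": "L2"},  # self-approval
    {"action": "archive", "user": "dave", "loan": "L2"},
    {"action": "archive", "user": "dave", "loan": "L2"},       # deadline for L2 risk check expires
]

if __name__ == "__main__":
    for idx, name in Monitor(RULES).run(TRACE):
        print(f"event {idx}: violates '{name}'")
```

Prohibitions are evaluated against the history, so the monitor needs the full trace up to the current event; for long-running on-line use the history would be summarised per loan rather than kept whole, which is the kind of optimisation a monitor derived from a formal model can justify.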

WP5. Case studies were provided by France Telecom Orange Labs and SAP. They served as the basis for expressing the policy requirements and building the formal models needed for them. Where an implementation was available, they were also used to exercise the prototypes developed in the project. One case study considered an application that manages the travel of France Telecom employees. Another addressed credit-related workflows (a bank loan origination process).