Goal-Based Policies for Self-Protecting Systems

With the constantly growing complexity and heterogeneity of distributed system, the ability to control their security mechanisms in a human-understandable way becomes increasingly important. Policies, for specifying the behavior of a system in terms of non-functional requirements, have been in use for several years and the Event-Condition-Action (ECA) pattern has been applied in various systems in order to define appropriate reactions to changing conditions. However, ECA policies do not reflect the desired system state but rather on specific actions the system should perform upon the occurrence of certain events, thereby demanding in-depth knowledge about the inner workings of a system and preventing the development of truly "self-protecting" systems, i.e. systems which are able to automatically adapt themselves so as to achieve certain security goals. In this paper, we present a policy framework that abstracts the ECA model to situation-goal (SG) policies, stating which security requirements should hold in a certain situation and thereby bring policies closer to the actual security model the user has in mind. A prototypical implementation of the framework has been done in form of a module for the Apollon policy system.