Context Sensitive Security Framework

Dynamic Security Policy Enforcement

The Context Sensitive Security Framework ensures that specific security policies are enforced: access by client applications to data, objects, web services or other protected resources is mediated by policy enforcement points. Each policy enforcement point determines whether access should be granted according to access control policies that are maintained in a policy server and interpreted according to monitored context. Policy enforcement points may be distributed around a Cross-CPP deployment. The framework is scalable, capable of supporting multiple security policies simultaneously, and adaptable to changing technology, organisational restructuring, and increasing data volumes.


Key features of the CSS Framework include:

  • Ability to declaratively specify fine-grained end-to-end security policies for protecting data integrity and privacy at data source, device, domain and cross-domain levels in a distributed system.

  • Ability to specify multiple security policies and compose them using clear and concise directives.

  • Conditional security policies support novel conditional rules that can be interpreted based on context monitoring, such as current activity (e.g. driving a vehicle), time (e.g. business or personal hours), and many other conditions.

  • Event-response language enables security policies to be dynamically modified by an event processing point, in response to specific context event patterns, to change security posture when potential threats are detected or changes occur that warrant additional security measures.

  • Advanced administrative capabilities include tools for evaluating new security policies and their implications before deployment to minimise interruptions or unintended consequences when new policies are loaded.

The Cross-CPP project will provide a software reference implementation of the CSS Framework.
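
To make the enforcement model above concrete, the following added sketch (not the Cross-CPP reference implementation, and not code from the project) shows a policy enforcement point asking a policy server for a decision that depends on monitored context, plus an event response that tightens policy. The rule format, the resource names, the `threat_detected` event and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from typing import Callable

@dataclass
class Rule:
    resource: str
    action: str
    effect: str                                   # "permit" or "deny"
    condition: Callable[[dict], bool] = lambda ctx: True

@dataclass
class PolicyServer:
    rules: list = field(default_factory=list)

    def decide(self, resource, action, ctx):
        """Deny overrides permit; no applicable rule means deny."""
        decision = "deny"
        for rule in self.rules:
            if (rule.resource, rule.action) != (resource, action):
                continue
            try:
                applies = rule.condition(ctx)
            except (KeyError, TypeError):
                # Context value missing or malformed: fail closed.
                applies = rule.effect == "deny"
            if applies and rule.effect == "deny":
                return "deny"
            if applies:
                decision = "permit"
        return decision

    def on_event(self, event):
        """Event response: tighten posture when a threat event arrives."""
        if event == "threat_detected":
            self.rules.append(Rule("vehicle/location", "read", "deny"))

def pep_allows(server, resource, action, ctx):
    """Policy enforcement point: mediate access via the policy server."""
    return server.decide(resource, action, ctx) == "permit"

def build_server():
    # Constructed sample policy, not taken from the Cross-CPP project.
    return PolicyServer([
        Rule("vehicle/location", "read", "permit",
             lambda c: time(9, 0) <= c["time"] < time(17, 0)),
        Rule("driver/messages", "display", "permit",
             lambda c: c["activity"] != "driving"),
    ])
```

A request whose context lacks the value a rule needs is denied rather than permitted, so a failed context monitor cannot widen access.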
