A tool for managing security policies in organisations Chapter in Scopus uri icon


  • Security policies are rules aimed at protecting the resources of an organisation from the risks associated with computer usage. Designing, implementing and maintaining security policies are all error prone and time consuming. We report on a tool that helps managing the security policies of an organisation. Security policies are formalised using first-order logic with equality and the unique names assumption, closely following the security policy language suggested in [1], The tool includes a link to an automated theorem prover, Otter [2], and to a model finder, Mace [2], used to formally verify a set of formal security policies. It also includes a GUI and a number of links to read information and security policies from organisation databases and access control lists. © Springer-Verlag Berlin Heidelberg 2006.

Publication date

  • January 1, 2006