The Case For Abstracting Security Policies

As Internet connectivity grows executing untrusted code becomes an increasingly serious threat. Public Key Infrastructure (PKI) and digital signatures offer some degree of protection, but are only part of a solution. In this paper we propose a mechanism of forcing applications to "declare what they intend to do" by means of an abstract behavioural model. A monitoring process is employed to dynamically ensure that programs do not deviate from their pre-declared intention. We focus particularly on the usability, transparency and maintainability of the system, which we believe to have been lacking in similar efforts. In particular we concentrate on (i) building powerful and maintainable policy specification languages and; (it) automatic security auditing of policies.