Date of Award

1-21-2022

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

First Advisor

Remzi Seker

Abstract

Information system security policies have grown in complexity and the emerging collaborative nature of business has created new challenges in creating and managing such policies. These policies address several domains ranging from access control to disaster recovery and depend not only on the business itself but on socio-political/legal requirements as well. Events like collaborative work or project based organizational units result in the need to create a new information system security policy for the specific work/project, while maintaining status quo of existing policies. This requires identification and evaluation of existing policies to enable creating the new policy in line with the existing ones with acceptable deviations based on informed decisions. This dissertation provides a framework for capturing and converting security policies in terms of PCAL format and Alloy Language format. Policies are converted to PCAL and Alloy format for performing further policy consistency analysis using PCAL and Alloy Analyzers.

Share

COinS