A Knowledge-Based Repository Model for Security Policies Management

  • Spyros Kokolakis
  • Costas Lambrinoudakis
  • Dimitris Gritzalis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


Most organizations currently build customized security policies by extending the principles and guidelines suggested by generic security policies. This method cannot guarantee that the resulting policies are compatible, neither it can ensure that the resulting protection levels are equivalent. We introduce a Security Policies Repository (SPR), which consists of a knowledge base, storing multiple security policies in a structured way. The SPR facilitates the juxtaposition of security policies, in order to detect, analyze, and resolve conflicts, and to compare and negotiate the protection level of each of the co- operating information systems. Reconciliation of security policies is achieved by means of developing mutually accepted meta-policies.


Information System Security Policy Conflict Detection Security Domain Security Officer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kokolakis, S., Gritzalis, D., Katsikas, S.: Generic security policies for healthcare information systems. Health Informatics Journal 4(3), 184–195 (1998)CrossRefGoogle Scholar
  2. 2.
    Kokolakis, S., Kiountouzis, E.A.: Achieving interoperability in a multiple-security-policies environment. Computers & Security 19(3), 267–281 (2000)CrossRefGoogle Scholar
  3. 3.
    Brewer, D., Nash, M.: The Chinese Wall Security Policy. In: Proc. of the 1989 IEEE Symposium on Security and Privacy, pp. 206–214. IEEE Press, Los Alamitos (1989)CrossRefGoogle Scholar
  4. 4.
    Lupu, E., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Transactions of Software Engineering 25(6) (1999)Google Scholar
  5. 5.
    Jarke, M., Gallersdorfer, R., Jeusfeld, M., Staudt, M., Eherer, S.: Concept Base: A deductive object base for metadata management. Journal of Intelligent Information Systems 4(2), 167–192 (1995)CrossRefGoogle Scholar
  6. 6.
    Mylopoulos, J., Borgida, A., Jarke, M., Koubarakis, M.: Telos: Representing knowledge about information systems. ACM Transactions on Information Systems 8(4), 325–362 (1990)CrossRefGoogle Scholar
  7. 7.
    Jeusfeld, M., Jarke, M., Nissen, H., Staudt, M.: ConceptBase: Managing conceptual models about information systems. In: Berns, et al. (eds.) Handbook of Architectures of Information Systems. Springer, Heidelberg (1998)Google Scholar
  8. 8.
    Gangopadhyay, D., Barsalou, T.: On the semantic equivalence of heterogeneous populations in multimodel, multidatabase systems. SIGMOD Record 20(4) (1991)Google Scholar
  9. 9.
    Spanoudakis, G., Constantopoulos, P.: Integrating specifications: A similarity reasoning approach. Automated Software Engineering Journal 2(4), 311–342 (1995)CrossRefGoogle Scholar
  10. 10.
    Sheth, A., Larson, J.: Federated database systems for managing distributed, heterogeneous and autonomous databases. ACM Computing Surveys 22(3) (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Spyros Kokolakis
    • 1
  • Costas Lambrinoudakis
    • 1
  • Dimitris Gritzalis
    • 2
  1. 1.Dept. of Information and Communication Systems EngineeringUniversity of the AegeanSamosGreece
  2. 2.Dept. of InformaticsAthens University of Economics & BusinessAthensGreece

Personalised recommendations