The PoSecCo Security Decision Support System



This paper presents the PoSecCo approach to policy refinement, that is, the problem of deriving the configurations for the security controls from a set of high-level security requirements. This process is very important for the security and trustworthiness of the IT infrastructure as confirmed by many studies that indicate it as the major cause of security breaches and availability problems. The PoSecCo project proposes an integrated system that refines a high-level policy into a set of configurations for the security controls available in the information system. This is named the PoSecCo Security Decision Support System (SDSS). The SDSS assists the administrators in all the configuration generation phases, it guides them into the policy specification and refinement process, helping them to make the right decision, and, finally, automatically performs the refinement and analysis.


Security Policy Security Requirement Access Control Policy Security Control Security Breach 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Wool10]
    A. Wool, “Trends in firewall configuration errors: Measuring the holes in Swiss cheese,” IEEE Internet Computing, vol. 14, no. 4, pp. 58-65, August 2010.MATHCrossRefGoogle Scholar
  2. [CSIS08]
    Center for Strategic and International Studies, “Securing cyberspace for the 44th presidency,” December 2008,
  3. [Oppe03]
    D. Oppenheimer. “The importance of understanding distributed system configuration”. Proceedings of the 2003 Conference on Human Factors in Computer Systems workshop, April 2003Google Scholar
  4. [Patt02]
    D. A. Patterson. “A simple way to estimate the cost of downtime”. Proceedings of LISA’02: Sixteenth Systems Administration Conference, pp. 185-188, November 2002’.Google Scholar
  5. [BCC+10]
    S. Bhala, M. Christodoulides, L. Cornwell, R. Jones, and B. Morris. “2010 UK security breach investigations report”, 7Safe, University of Bedfordshire, January 2010Google Scholar
  6. [BaHH09]
    W. Baker, A. Hutton, and D. Hylender, “Data Breach Investigations Report”, VerizonBusiness RISK team, April 2009.Google Scholar
  7. [Plod10]
    Petr Plodik, “IBM Cloud Computing”, 2010

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  • Cataldo Basile
    • 1
  • Antonio Lioy
    • 1
  • Stefano Paraboschi
    • 2
  1. 1.Politecnico di TorinoDip. di Automatica e InformaticaTorinoItaly
  2. 2.università degli studi di Bergamo School of EngineeringBergamoItaly

Personalised recommendations