A Unified Class Model for Checking Security Policies in ICT Infrastructures

Automatic conformance checks of security policies is becoming a key issue in large ICT infrastructures that are more and more prone to cyber-attacks, in particular when wireless communication technologies and media are extensively adopted. This paper presents a hierarchical class-based model for the description of a system and its security requirements, that can be profitably used by a computer-aided analysis tool designed to carry out several kinds of policy verification. Our experience, gained in analyzing real systems, confirms that the structure and flexibility of the system description model are critical issues, together with the collection of real data needed to populate the model itself. The proposed solution is able to tolerate and overcome many of the practical limitations that are met when dealing with large and heterogeneous scenarios.