Abstract

The security of complex infrastructures depends on many technical and organizational issues that need to be properly addressed by a security policy. For purpose of our discussion, we define a security policy as a document that states what is and what is not allowed in a system during normal operation; it consists of a set of rules that could be expressed in formal, semi-formal or very informal language. In many contexts, a system can be considered secure and trustworthy if the policy enforced by its security administrator is trustworthy too; from this standpoint it is possible to evaluate the system security by evaluating its policy. In this paper we present a policy-based methodology to formalize and compare policies, and a Security Metric to evaluate the security level that a system is able to grant. All the steps of the methodology will be illustrated with an operative approach, by directly applying it to a real case study: the semi-automated Cross Certification among Public Key Infrastructures.