Concepedia

Abstract

Abstraction and Refinement of Layered Security Policy

Marshall Abrams and David Bailey

There are multiple views of corporate (enterprise) computing, each with its own metaphors and terms of reference. The different views incorporate different levels of abstraction, in which details are suppressed to concentrate attention on the issues important to the particular observer. This essay examines these different metaphors with respect to the enterprise security policy, resulting in a layered policy in which each main layer relates to one of the system metaphors and the policy described at a lower level of detail is an implementation of the policy at a higher level. The layered view of policy helps system designers, managers, and users understand the rationale for security policy at the lowest levels of abstraction, because the relationship of the low-level policy to the enterprise information policy is clear.

Levels of abstraction and policy

There are multiple views of corporate (enterprise) computing, each with its own metaphors and terms of reference. The metaphors with which we view computing differ from level to level of abstraction. Abstraction serves the very useful purpose of suppressing details not of interest to the observer. Suppressing these details makes it possible to concentrate on the issues that the observer considers important. One observer may think of corporate information processing resources, another of the “operating system,” and another of the “network.” The terms of reference are different, the concerns are different, and the policy statements may appear different. But the policy and rules must be consistent at all levels of abstraction for the organization to achieve the protection desired.

This essay has two primary purposes. The first is to exhibit several different ways in which enterprise computing is viewed by different members of the enterprise. We observe that all of the enterprise members