Date Posted: February 4, 2009
What is Policy Design Tool?
Policy Design Tool is a new development tool to help you model and analyze high-level security requirements in a business context and create security policy templates in a standard format for use within the IT environment.
Resources can be classified according to their business function using multiple taxonomies. Users can be assigned roles that capture their job functions. Thus, the security template policies are captured with business-oriented resource classes and roles for ease of review with the business process owners. Policy Design Tool also enables you to model policies for different platforms and to assess a complete view of the security policy landscape. A number of analysis functions also help ensure that policies are consistent on the business level.
The first release of Policy Design Tool supports modeling and analysis of authorization-type policies, also called access control policies. Access control policies are supported for two types of resources: Web Services and data in relational databases. Policies can be exported into the eXtensible Access Control Markup Language (XACML), an OASIS standard with wide acceptance in the IT industry.
Policy Design Tool can be used in conjunction with the newly released IBM Tivoli Security Policy Manager (TSPM) for SOA security and application entitlements management. It supports an end-to-end scenario for protecting access to Web Services. After policies have been captured, modeled with roles, and verified using Policy Design Tool, they can be exported as policy templates for use by TSPM for application entitlement and SOA security operational policy management. TSPM can use these templates to:
- Author and refine message protection and role-, rule- and attribute-based application entitlements
- Transform and enforce access control across a heterogeneous IT environment.
How does it work?
Policy Design Tool is built on the Eclipse Rich Client Platform and offers a number of perspectives and views for modeling, analyzing and debugging access control policies. The UI has been designed with business users in mind. For example, the effects of policies are spelled out explicitly and security-specific terminology has been kept to a minimum.
The tool also contains an embedded XACML Policy Decision Point (PDP) so that a user can simulate access requests and debug the decision process that an operational PDP would carry out in a real deployment. Among the functions for analyzing and verifying policies are:
- Simulated policy evaluation: Given the current set of policies, how would a decision request be decided? For example:
  - "Is Mary allowed to access resources labeled as 'sales data'?"
- Contribution analysis: Given a decision request, which policies contribute to the decision and which do not? For example:
  - "Why is Mary allowed to access 'sales data'?"
- Policy override detection: Given a policy, which other policies override it and which other policies are overridden by it? For example:
  - "This policy seems to have no effect. Why is that?"
  - "If I introduce this new policy, what policies will be affected by it?"
- Authorization analysis: Given certain elements of a decision request, what must the other elements be so that the decision is "allow"/"deny"? For example:
  - "Which identities are allowed to access 'sales data' / the server D12MC302?"
  - "Which combination of roles must Mary have to access sales data?"
  - "Which combination of labels makes the server D12MC302 accessible to Mary?"
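A minimal sketch of three of the analysis functions listed above (simulated evaluation, contribution analysis and authorization analysis), as an added example that is not Policy Design Tool's code or its embedded PDP. The policies, role assignments, the users Bob and Eve, deny-overrides combining and the default-deny fallback are assumptions made for illustration; only Mary and 'sales data' come from the examples above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    role: str    # business role the policy applies to
    label: str   # resource class (label) the policy applies to
    effect: str  # "allow" or "deny"

# Constructed sample data; policy names, roles and users are assumptions.
POLICIES = [
    Policy("P1", "sales-rep", "sales data", "allow"),
    Policy("P2", "contractor", "sales data", "deny"),
    Policy("P3", "auditor", "finance data", "allow"),
]
USER_ROLES = {
    "Mary": {"sales-rep"},
    "Bob": {"sales-rep", "contractor"},
    "Eve": {"auditor"},
}

def applicable(user, label):
    """Policies whose role and resource label both match the request."""
    roles = USER_ROLES.get(user, set())
    return [p for p in POLICIES if p.role in roles and p.label == label]

def evaluate(user, label):
    """Simulated evaluation: deny-overrides, deny when nothing applies."""
    effects = {p.effect for p in applicable(user, label)}
    if "deny" in effects:
        return "deny"
    return "allow" if "allow" in effects else "deny"

def contributions(user, label):
    """Contribution analysis: which policies decided, lost, or never applied."""
    decision, hits = evaluate(user, label), applicable(user, label)
    return {
        "decision": decision,
        "decisive": [p.name for p in hits if p.effect == decision],
        "overridden": [p.name for p in hits if p.effect != decision],
        "not_applicable": [p.name for p in POLICIES if p not in hits],
    }

def who_can_access(label):
    """Authorization analysis: identities for which the decision is allow."""
    return sorted(u for u in USER_ROLES if evaluate(u, label) == "allow")

if __name__ == "__main__":
    print(evaluate("Mary", "sales data"))
    print(contributions("Bob", "sales data"))
    print(who_can_access("sales data"))
```

Bob's request shows the override case: his sales-rep allow (P1) applies but is overridden by the contractor deny (P2), which is the kind of answer the "This policy seems to have no effect" question is after.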
About the technology author(s)
Dr. Marcel Graf has been a research staff member at the IBM Zurich
Research Laboratory since 1996, working on projects in the area of
distributed computing and lately in security. He received Ph.D. and
M.S. degrees in electrical engineering from the University of
Stuttgart, Germany.
Tatiana Levandovska is a master's student at National University
"Kharkiv Polytechnic Institute". While working as a summer student at
IBM Research in 2008, she contributed extensions to Policy Design
Tool. Tatiana received her Bachelor's degree in Computer Science from
National University "Kharkiv Polytechnic Institute".
Franz-Stefan Preiss is a doctoral student in the Security and
Cryptography group at the IBM Zurich Research Laboratory where he
works on research projects related to security and privacy. While
working as a master's thesis student at IBM Research in 2007, Mr. Preiss
designed and implemented the first version of the Policy Design Tool,
which was also the topic of his master's thesis. He received his
Master's degree in Software Engineering & Internet Computing from the
Vienna University of Technology.
Andreas Schade, Ph.D. is a researcher at the IBM Zurich Research
Laboratory, Switzerland, where he currently works in the Security and
Assurance Group. At IBM he has worked on pervasive computing and
e-business systems, as well as distributed systems and applications
and their management.
