Positif project
Policy-based Security Tools and Framework
Information Society Technologies

Security Policy Language (SPL)

The SPL (Security Policy Language) is the language used by the security administrator to define the desired security behaviour of networked systems and applications. These systems and applications must already have been described through the System Description Language (SDL) before SPL policies can refer to them.

SPL is based on the standard Common Information Model (CIM) from the DMTF and on XML technologies. A set of grouping classes has been extracted from the model in order to represent the different types of security policies (authentication, authorization, filtering, channel protection and operational). SPL also allows grouping, prioritisation and classification of the policies.

We have decided to define SPL as a language in its own right, even though it uses the CIM data model. The SPL manual also describes how to use the translator to the internal POSITIF format, which is based on CIM.

SPL is used to describe the following types of policies:

  • Authentication Policies allow creating rules that define the authentication criteria used for an identity (i.e. the policy subject) in a network element (i.e. the policy target). Some of the supported types of authentication are: shared secret, account authentication, biometric, networking identifier, public/private key, Kerberos, document and physical credential.
  • Authorization Policies allow creating the authorization criteria based on privileges associated with activities that are granted or denied.
  • Filtering Policies consist of a set of rules that define the filtering criteria used in a network element. Some of the types of conditions that can be used are: source address and mask, destination address and mask, source port or source port range, destination port or destination port range, protocol type, DSCP, ToS value, 802.1P priority and others (the set of conditions is extensible).
  • Channel Protection Policies define the channel protection requirements based on security associations. The supported types of security associations are IPsec SA, IKE and SSL/TLS.
  • Operational Policies allow describing the behaviour of the network when any kind of event occurs. Many operational statuses are possible: unknown, OK, Error, Starting, Stopped, Lost communication, etc.
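The filtering conditions listed above (address and mask, port ranges, protocol type, DSCP) and the priority ordering that SPL supports are illustrated by the following added example. It is not SPL and not POSITIF code: it is a small Python model written for this page, in which the field names, the default-deny outcome and the convention that a lower priority number is evaluated first are all assumptions, and the policy and packets are constructed samples. Besides evaluating a packet against an ordered rule set, it includes a shadowing check that flags a rule that can never fire because a rule with higher precedence already covers every packet it would match, which is a common source of errors in filtering policies.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed, illustrative model of a filtering policy. It is NOT the SPL
# schema: field names and the "lower priority value is evaluated first"
# convention are assumptions made for this example.


@dataclass(frozen=True)
class FilterRule:
    name: str
    action: str                                   # "permit" or "deny"
    priority: int                                 # assumed: lower = evaluated first
    src: Optional[str] = None                     # source address/mask (CIDR)
    dst: Optional[str] = None                     # destination address/mask (CIDR)
    src_ports: Optional[Tuple[int, int]] = None   # inclusive source port range
    dst_ports: Optional[Tuple[int, int]] = None   # inclusive destination port range
    protocol: Optional[str] = None                # "tcp", "udp", "icmp", ...
    dscp: Optional[int] = None                    # DSCP value


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    src_port: int = 0
    dst_port: int = 0
    dscp: int = 0


def _in_network(addr: str, cidr: Optional[str]) -> bool:
    # An unset condition is a wildcard and matches every packet.
    if cidr is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def _in_range(value: int, rng: Optional[Tuple[int, int]]) -> bool:
    return rng is None or rng[0] <= value <= rng[1]


def rule_matches(rule: FilterRule, pkt: Packet) -> bool:
    """All set conditions of a rule must hold; unset conditions are wildcards."""
    return (
        _in_network(pkt.src, rule.src)
        and _in_network(pkt.dst, rule.dst)
        and (rule.protocol is None or rule.protocol == pkt.protocol)
        and _in_range(pkt.src_port, rule.src_ports)
        and _in_range(pkt.dst_port, rule.dst_ports)
        and (rule.dscp is None or rule.dscp == pkt.dscp)
    )


def evaluate(policy: List[FilterRule], pkt: Packet,
             default: str = "deny") -> Tuple[str, Optional[str]]:
    """The first matching rule in priority order decides; rules with equal
    priority keep their listing order. Default-deny is an assumption here."""
    for rule in sorted(policy, key=lambda r: r.priority):
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default, None


# --- shadowing check: does rule "a" cover every packet rule "b" would match? ---

def _net_covers(outer: Optional[str], inner: Optional[str]) -> bool:
    if outer is None:
        return True
    if inner is None:          # conservative: an explicit network never covers a wildcard
        return False
    return ipaddress.ip_network(inner, strict=False).subnet_of(
        ipaddress.ip_network(outer, strict=False))


def _range_covers(outer: Optional[Tuple[int, int]], inner: Optional[Tuple[int, int]]) -> bool:
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def covers(a: FilterRule, b: FilterRule) -> bool:
    return (_net_covers(a.src, b.src) and _net_covers(a.dst, b.dst)
            and _range_covers(a.src_ports, b.src_ports)
            and _range_covers(a.dst_ports, b.dst_ports)
            and (a.protocol is None or a.protocol == b.protocol)
            and (a.dscp is None or a.dscp == b.dscp))


def shadowed_rules(policy: List[FilterRule]) -> List[str]:
    """Names of rules that can never fire because a higher-precedence rule covers them."""
    ordered = sorted(policy, key=lambda r: r.priority)
    return [b.name for i, b in enumerate(ordered) if any(covers(a, b) for a in ordered[:i])]


# Constructed sample policy. The admin SSH rule is mis-prioritised on purpose:
# the broad deny rule in front of it shadows it, so admins are locked out too.
SAMPLE_POLICY = [
    FilterRule("deny-ssh-from-anywhere", "deny", 10, src="0.0.0.0/0",
               dst="10.0.1.0/24", protocol="tcp", dst_ports=(22, 22)),
    FilterRule("permit-web", "permit", 20, dst="10.0.1.0/24",
               protocol="tcp", dst_ports=(80, 443)),
    FilterRule("permit-admin-ssh", "permit", 30, src="10.0.9.0/24",
               dst="10.0.1.0/24", protocol="tcp", dst_ports=(22, 22)),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, Packet("198.51.100.7", "10.0.1.5", "tcp", 40000, 80)))
    print(evaluate(SAMPLE_POLICY, Packet("10.0.9.3", "10.0.1.5", "tcp", 40000, 22)))
    print("shadowed:", shadowed_rules(SAMPLE_POLICY))
```

Running the shadowing check before a policy is deployed catches the mis-prioritised admin rule immediately, whereas evaluating single packets only reveals it when an administrator is unexpectedly denied.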

Download documents and tools

SPL example

To learn how SPL is used to describe policies for network systems in the POSITIF framework, see the example below.

You can download the SPL example file and the xCIM example file generated from it by the SPL2xCIM tool.

Figure 1: Example SPL definitions
© POSITIF Project 2004 - 2007