The PEI Framework for Application-Centric Security

Author: Ravi Sandhu

This paper motivates the fundamental importance of application context for security. It then gives an overview of the PEI framework for application-centric security and outlines some of the lessons learned in applying this framework. PEI stands for Policy, Enforcement and Implementation, signifying three distinct layers at which security policy and design decisions need to be made. The framework was introduced by this author in 2006 [35]. It is closely related to the earlier OM-AM framework also introduced by this author in 2000 [32].

Date: May 20, 2009

Book Title: 1st International Workshop on Security and Communication Networks (IWSCN)

Type: InProceedings

Address: Trondheim, Norway

URL: http://www.profsandhu.com/confrnc/misconf/IWSCN-09-invited.pdf

Downloads: 674

Has 1 soft copy

remote link

Bibtex

@InProceedings{The_PEI_Framework_for_Application_Centri,
author = "Ravi Sandhu",
title = "{The PEI Framework for Application-Centric Security}",
month = "May",
year = "2009",
address = ", Trondheim, Norway",
booktitle = "1st International Workshop on Security and Communication Networks (IWSCN)",
}