Structured-Text-Analysis Tools to Streamline Security Management for Humans
In our research, we have considered three real-world problem domains and the bottleneck factors that make security policy management difficult. Each entry in our matrix corresponds to a real problem that we observed in our fieldwork and in the literature and highlights a structured text tool that we propose to solve that problem. The type of line surrounding each problem indicates the extent of our work on each of those problems.
Publications
- Gabriel A. Weaver, S. Rea, and Sean W. Smith. A computational framework for certificate policy operations. In Proceedings of the 6th European PKI Workshop (EuroPKI 2009), pages 17–33. EuroPKI, September 2009. (Full Text)
- Gabriel A. Weaver, Scott Rea, and Sean W. Smith. Computational techniques for increasing PKI policy comprehension by human analysts. In Proceedings of the 9th Symposium on Identity and Trust on the Internet (IDTrust 2010), pages 51–62. Internet 2, April 2010. (Full Text)
- Gabriel A. Weaver, Nick Foti, Sergey Bratus, Dan Rockmore, and Sean W. Smith. Using hierarchical change mining to manage network security policy evolution. In Proceedings of the 11th USENIX Conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (HotICE 2011), page unknown. USENIX Association, March–April 2011. (Full Text)
- Gabriel A. Weaver, Sean W. Smith, Edmond J. Rogers, and Rakesh B. Bobba. Re-Engineering Grep and Diff for NERC CIP. In Proceedings of the Power and Energy Conference at Illinois 2012 (PECI 2012), IEEE Computer Society, February 2012.
Tools
- The Canonical Text Services Policy Repository stores natural-language, canonically structured texts for retrieval by their citation structure. The repository comes from our prior work with Harvard's Center for Hellenic Studies to develop the Canonical Text Services (CTS) protocol to reference and retrieve Homeric Texts by citation structure. Many high-level policies, such as PKI CP/CPS documents and NERC CIP requirements, have a standard citation structure against which security processes are evaluated. Little work, however, has been done to automate or partially automate the reference and retrieval of these policy documents. Our CTS Policy Repository fills this void and sets the stage for practitioners and algorithms to access and process policy. Our prototype repository for the International Grid Trust Federation (IGTF) contains around 100 policies.
- Grep and diff are time-honored UNIX commands that, by default, extract and compare files line by line. The rise of high-level computer languages caused an increase in meaningful structures that span multiple lines. Our Context-Free Grep and Hierarchical Diff will help practitioners extract and compare texts in terms of this structure.
- Our Hierarchical Text Analyzer complements Hierarchical Diff because it may be used to compare two structured texts through a means other than an edit script. Our Hierarchical Text Analyzer is not exclusively designed for comparison, however, but rather as a means to plug in algorithms to analyze text and report those results in terms of the hierarchical structure of that text.
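The idea behind Context-Free Grep and Hierarchical Diff, sketched as an added example (not the project's own tools or code): sections of a numbered policy are matched and compared by citation rather than by line, and changes are rolled up to the top-level section that contains them. The sample policies, the heading format, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample policies with numbered sections (not real CP/CPS text).
OLD = """\
1.1 Overview
Certificates are issued to grid users.
3.1 Naming
Names must be unique.
3.2 Initial Identity Validation
Applicants appear in person.
"""
NEW = """\
1.1 Overview
Certificates are issued to grid users and hosts.
3.1 Naming
Names must be unique.
3.3 Rekey Requests
Rekey requires a valid certificate.
"""
HEADING = re.compile(r"^(\d+(?:\.\d+)*)\s+(\S.*)$")  # assumed heading form: "3.1 Title"

def parse_sections(text):
    """Map citation ('3.1') -> [title, body line, ...] up to the next heading."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADING.match(line)
        if m:
            current = sections.setdefault(m.group(1), [m.group(2)])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def section_grep(text, pattern):
    """Return citations of sections containing a match, not the matching lines."""
    rx = re.compile(pattern)
    return [c for c, lines in parse_sections(text).items() if any(map(rx.search, lines))]

def hierarchical_diff(old, new):
    """Classify citations as added/removed/modified and roll up to top-level sections."""
    a, b = parse_sections(old), parse_sections(new)
    order = lambda c: [int(p) for p in c.split(".")]
    diff = {
        "added": sorted(b.keys() - a.keys(), key=order),
        "removed": sorted(a.keys() - b.keys(), key=order),
        "modified": sorted((c for c in a.keys() & b.keys() if a[c] != b[c]), key=order),
    }
    changed = diff["added"] + diff["removed"] + diff["modified"]
    diff["top_level"] = sorted({c.split(".")[0] for c in changed}, key=order)
    return diff
```

A line-based diff of the same two texts would report edited lines only; here a reviewer sees that section 3.2 was dropped, 3.3 was introduced, and 1.1 was reworded.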