{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T17:39:26Z","timestamp":1772473166714,"version":"3.50.1"},"reference-count":0,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2007,2,5]],"date-time":"2007-02-05T00:00:00Z","timestamp":1170633600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2007,2,5]]},"abstract":"<jats:p> The security of complex infrastructures depends on many technical and organizational issues that need to be properly addressed by a security policy. For purpose of our discussion, we define a security policy as a document that states what is and what is not allowed in a system during normal operation; it consists of a set of rules that could be expressed in formal, semi-formal or very informal language. In many contexts, a system can be considered secure and trustworthy if the policy enforced by its security administrator is trustworthy too; from this standpoint it is possible to evaluate the system security by evaluating its policy. <\/jats:p><jats:p> In this paper we present a policy-based methodology to formalize and compare policies, and a Security Metric to evaluate the security level that a system is able to grant. All the steps of the methodology will be illustrated with an operative approach, by directly applying it to a real case study: the semi-automated Cross Certification among Public Key Infrastructures. <\/jats:p>","DOI":"10.3233\/jcs-2007-15201","type":"journal-article","created":{"date-parts":[[2016,5,18]],"date-time":"2016-05-18T07:36:45Z","timestamp":1463557005000},"page":"197-229","source":"Crossref","is-referenced-by-count":27,"title":["A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures"],"prefix":"10.1177","volume":"15","author":[{"given":"Valentina","family":"Casola","sequence":"first","affiliation":[{"name":"Dipartimento di Informatica e Sistemistica, Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Via Claudio 21, 80125 Napoli, Italy., , ,"}]},{"given":"Antonino","family":"Mazzeo","sequence":"additional","affiliation":[{"name":"Dipartimento di Informatica e Sistemistica, Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Via Claudio 21, 80125 Napoli, Italy., , ,"}]},{"given":"Nicola","family":"Mazzocca","sequence":"additional","affiliation":[{"name":"Dipartimento di Informatica e Sistemistica, Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Via Claudio 21, 80125 Napoli, Italy., , ,"}]},{"given":"Valeria","family":"Vittorini","sequence":"additional","affiliation":[{"name":"Dipartimento di Informatica e Sistemistica, Universit\u00e0 degli Studi di Napoli \u201cFederico II\u201d, Via Claudio 21, 80125 Napoli, Italy., , ,"}]}],"member":"179","published-online":{"date-parts":[[2007,2,5]]},"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-2007-15201","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-2007-15201","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,10]],"date-time":"2025-03-10T17:14:25Z","timestamp":1741626865000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-2007-15201"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,2,5]]},"references-count":0,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2007,2,5]]}},"alternative-id":["10.3233\/JCS-2007-15201"],"URL":"https:\/\/doi.org\/10.3233\/jcs-2007-15201","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,2,5]]}}}