CDL: A LANGUAGE FOR SPECIFYING HIGH-LEVEL CROSS-DOMAIN SECURITY POLICIES

We describe early research(1) on the cross-domain language (CDL). CDL represents the first comprehensive effort towards an end-user language for specifying cross-domain information release policies. The main features of CDL are (1) separation of "sender release" and "receiver acceptance" concerns through sender and receiver rules; (2) a variety of structuring mechanisms for the modular development, management and deployment of rule bases; (3) support for a rich set of regrading operators on simple as well as complex data types; (4) support for pre and post release obligation modeling and (5) modeling of advanced active access, usage and redissemination controls for better post-release control of information. We are currently investigating how policy specifications in CDL can be mapped to lower level and more general purpose security policy specification languages such as Ponder, XACML and related enforcement frameworks. This will eventually lead to the development of automated language translation and policy verification tools.