HERMES: A high-level policy language for high-granularity enterprise-wide secure browser configuration management

摘要

In this article, we describe the characteristics, structure, and uses of HERMES. HERMES is a high-level security policy description language. Its characteristics are: (1) enable the specification of organizational domain knowledge in a hierarchical manner; (2) enable the specification of security policies at desired granularity levels within the organizational IT and OT infrastructure; (3) enable security policies to be automatically instantiated into security configurations; (4) it is human-centered and designed for ease of use; (5) it is application and device independent. We show an example of using HERMES to write a high-level policy and show examples of how such policy can be instantiated into a domain and device, user and role, application and action specific security configuration. We also describe the integration of HERMES within the HiFiPol:Browser policy management system. We believe HERMES is a necessary step toward securing the client side of the web ecosystem and prevent or mitigate the current onslaught of web browser-based attacks, such as phishing.