10.5555/976440.976445

Mesmerize: an open framework for enterprise security management

Published: 01 January 2004

    Abstract

    We have identified five problems that inhibit effective enterprise security management - policy divide, lack of reproducibility, lack of consistency, lack of coverage and lack of flexibility in current management systems. We discuss these problems and suggest features an enterprise security management framework should have to address them.

    Mesmerize is an enterprise security management framework that allows holistic enterprise security policy to be interpreted into technology specific directives then translated into device specific configuration.

    The Mesmerize framework incorporates an information repository, which is accessed and interpreted by manager programs that - in turn - communicate with configuration agents that configure specific devices.

    The information repository stores network element information as well as security policies that are associated with those network elements. Manager programs make use of the information repository to generate technology specific directives that are sent to configuration agents during policy enforcement. A configuration agent is responsible for translating the technology specific directive into the configuration language of a device or service implementation.

    Currently we have proof-of-concept management sub-systems for IPChains firewalls (IPChains), BIND domain name servers (BIND), and FreeSWAN virtual private network end-points (FreeSWAN).

    References

    [1] Awischus, R. (1997): Role-based access control with the security administration manager (SAM). Proceedings of the 2nd ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, pp. 61--68, ACM Press.
    [2] Barkley, J., Cincotta, A. (1998): Managing role/permission relationships using object access types. Proceedings of the 3rd ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, pp. 73--80, ACM Press.
    [3] Bellovin, S. M. (1999): Distributed firewalls. Usenix login.
    [4] BIND: Berkeley Internet Name Domain, ISC. http://www.isc.org/products/BIND/. Accessed 18 Sep 2003.
    [5] Computer Associates: Unicenter TNG, Computer Associates International Inc. http://ca.com. Accessed 18 Sep 2003.
    [6] Damianou, N., Bandara, A. K., Sloman, M. and Lupu, E. C. (2002): A survey of policy specification approaches. citeseer.nj.nec.com/damianou02survey.html
    [7] Ferraiolo, D. and Kuhn, R. (1992): Role-based access control. In 15th NIST-NCSC National Computer Security Conference, pp. 554--563, Baltimore, MD.
    [8] FreeSWAN: Linux FreeS/WAN. http://www.freeswan.org. Accessed 18 Sep 2003.
    [9] Fuller, W. (1999): Network management using expert diagnostics. International Journal of Network Management, 9:199--208.
    [10] HP: Open View. Hewlett Packard Company. http://www.hp.com. Accessed 18 Sep 2003.
    [11] IPChains: Linux IP Firewalling Chains. http://www.netfilter.org. Accessed 18 Sep 2003.
    [12] Moffet, J. D. and Sloman, M. S. (1991): Delegation of authority. In Integrated Network Management II, North Holland (April 1991), pp. 595--606.
    [13] Roekle, H., Schimpf, G. and Weidinger, R. (2000): Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization. Proceedings of the 5th ACM Workshop on Role-Based Access Control, Berlin, Germany, pp. 103--110, ACM Press.
    [14] Sandhu, R. S., Coyne, E. J., Feinstein, H. L. and Youman, C. E. (1996): Role-based access control models. IEEE Computer 29(2): 38--47, IEEE Press.
    [15] Tivoli: Tivoli, IBM Corporation. http://www-3.ibm.com/software/tivoli/. Accessed 18 Sep 2003.
    [16] Thomsen, D., O'Brien, C. and Payne, C. (1999): Napoleon: network application policy environment. Proceedings of the 4th ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA, pp. 145--152, ACM Press.

    Cited By

    • (2015) An anonymous and secure biometric-based enterprise digital rights management system for mobile environment. Security and Communication Networks 8:18 (3383-3404). 10.1002/sec.1266. Online publication date: 1-Dec-2015
    • (2012) Digital forensics for enterprise rights management systems. Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services (111-120). 10.1145/2428736.2428756. Online publication date: 3-Dec-2012


    Published In

    ACSW Frontiers '04: Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
    January 2004
    192 pages

    Publisher

    Australian Computer Society, Inc.

    Australia


    Author Tags

    1. enterprise security management
    2. expert system
    3. network security
    4. policy

    Qualifiers

    • Article

    Conference

    ACSW Frontiers '04

    Acceptance Rates

    Overall Acceptance Rate 204 of 424 submissions, 48%


    Article Metrics

    • Downloads (Last 12 months): 24
    • Downloads (Last 6 weeks): 4
