Abstract
Enforcing security mechanisms consists of configuring devices so that they cooperate and guarantee the defined security goals. In the network context, this task is complex because of the number, the nature, and the interdependencies of the devices to consider. In this article we propose a global and formal framework that models the network security management information from the security goals down to the configurations of the security mechanisms. The process is divided into three steps. First, the security goals are specified and the consistency of the specification is checked. Second, the network security tactics are defined; an evaluation method guarantees their consistency and their correctness with respect to the security goals. Finally, the framework verifies that the network security tactics can be enforced by the real security mechanisms.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Laborde, R., Barrère, F., Benzekri, A. (2006). A Security Management Information Model Derivation Framework: From Goals to Configurations. In: Dimitrakos, T., Martinelli, F., Ryan, P.Y.A., Schneider, S. (eds) Formal Aspects in Security and Trust. FAST 2005. Lecture Notes in Computer Science, vol 3866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11679219_16
DOI: https://doi.org/10.1007/11679219_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-32628-1
Online ISBN: 978-3-540-32629-8