Reliable Process for Security Policy Deployment
نویسندگان
چکیده
We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This proposed deployment process not only simplifies the security administrator’s job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.
منابع مشابه
Model-Driven Security Policy Deployment: Property Oriented Approach
We focus in this paper on the issue of formally validating the deployment of access control security policies. Our proposal is the following. First, as input to our approach, we consider a formal expression of the security requirements related to a given system; this ensures the deployment of an anomaly free abstract security policy. Second, we develop the algorithms using a theorem proving app...
متن کاملOn the Security of Firewall Policy Deployment
Due to the sensitive nature of information transmitted during a policy deployment, the communication between management tool and firewall should be confidential. Confidentiality can be achieved by using encrypted communication protocols such as SSH, SSL and IPSec. Much research has already addressed the specification of policies, conflict detection and optimization, but very little research is ...
متن کاملA Model-Based Framework for Security Policy Specification, Deployment and Testing
In this paper, we propose a model-driven approach for specifying, deploying and testing security policies in Java applications. First, a security policy is specified independently of the underlying access control language (OrBAC, RBAC). It is based on a generic security meta-model which can be used for early consistency checks in the security policy. This model is then automatically transformed...
متن کاملAutomatic Transformation of Generic , Validated Business Process Security Models to WS - SecurityPolicy Descriptions
An increasing need for security in SOA applications demands for better support for the management of security in Web-based business processes. Here, the model-driven process development may provide valuable opportunities in terms of maintainability and deployment. Besides modeling and then generating the pure functionality of a process, the consideration of security properties at the level of a...
متن کاملOptimal Strategies of Increasing Business Alignment, in Social Security Organization, with Quality Function Deployment (QFD) Approach
Considering the importance of the concept of strategic alignment of information technology (IT) in today economic organizations, this study attempted to extract the organization's IT strategies in order to increase the degree of strategic alignment and consequently the optimal strategies in the field of marketing and service delivery for social security organization. Using QFD technique and hie...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007