Reliable process for security policy deployment

SECRYPT 2007 - International Conference on Security and Cryptography, Proceedings

Volumn , Issue , 2007, Pages 5-15

  Preda, Stere ^a   Cuppens Boulahia, Nora ^a   Cuppens, Frédéric ^a   Alfaro, Joaquin G ^a,b   Toutain, Laurent ^a  

^a ECOLE DES MINES DE NANTES   (France)

^b UNIVERSITAT OBERTA DE CATALUNYA   (Spain)

Author keywords

Deployment of policies; Network security; Policy anomalies; Security devices; Security rules

Indexed keywords

ACCESS CONTROL MODELS; AUTOMATIC COMPILATION; DEPLOYMENT OF POLICIES; DEPLOYMENT PROCESS; INTRUSION DETECTION SYSTEMS; POLICY ANOMALIES; SECURITY ADMINISTRATOR; SECURITY DEVICES; SECURITY POLICY; SECURITY REQUIREMENTS; SECURITY RULES; VIRTUAL PRIVATE NETWORKS;

ABSTRACTING; ACCESS CONTROL; COMPUTER VIRUSES; CRYPTOGRAPHY; INTERNET; INTRUSION DETECTION; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 67649816039     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. Abou el Kalam, A., Baida, R. E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C, and Trouessin, G. Organization Based Access Control. In IEEE 4th Intl. Workshop on Policies for Distributed Systems and Networks, pp. 120-131, Lake Come, Italy, 2003.
2. Abou el Kalam, A., Briffaut, J., Toinard, C, and Blanc, M. Intrusion detection and security policy framework for distributed environments. In Collaborative Technologies and Systems, pp.100-106, Missouri, USA, 2005.
3. Alfaro, J. G., Cuppens, F., and Cuppens-Boulahia, N. Towards Filtering and Alerting Rule Rewriting on Single-Component Policies. In Intl. Conference on Computer Safety, Reliability, and Security, pp. 182- 194, Poland, 2006.
4. Alfaro, J. G., Cuppens, F., and Cuppens-Boulahia, N. Analysis of Policy Anomalies on Distributed Network Security Setups. In 11th European Symposium On Research In Computer Security, pp. 496-511, Germany, 2006.
5. Alfaro, J. G., Cuppens, R, and Cuppens-Boulahia, N. Aggregating and Deploying Network Access Control Policies. In lrst Symposium on Frontiers in Availability, Reliability and Security (FARES), 2nd International Conference on Availability, Reliability and Security (ARES2007), Vienna, Austria, 2007.
6. Al-Shaer, E. S., Hamed, H. H., and Masum, H. Conflict Classification and Analysis of Distributed Fire-wall Policies. In IEEE Journal on Selected Areas in Communications, 23(10):2069-2084, 2005.
7. Bartal, Y., Mayer, A., Nissim, K., and Wool, A. Firmato: A novel firewall management toolkit. In IEEE Symposium on Security and Privacy, pp. 17-31, Oakland, California, 1999.
8. Blanc, M., Clemente, P., Courtieu, P., Franche, S., Oudot, L., Toinard, C. and Vessiller, L. Hardening large-scale networks security through a meta-policy framework. In Third Workshop on the Internet, Telecommunications and Signal Processing, Adelaide, Australia, 2004.
9. Cisco Systems, Inc. Cisco Security Manager Product Information. [Online]. Available from: http://cisco.com/go/csmanager.
10. Cuppens, F., Cuppens-Boulahia, N., and Miege, A. Inheritance hierarchies in the OrBAC Model and application in a network environment. In 2nd Foundations of Computer Security Workshop (FCS'04), Turku, Finlande, 2004.
11. Cuppens, F., Cuppens-Boulahia, N., and Ben Ghorbel, M. High-level conflict management strategies in advanced access control models. In Workshop on Information and Computer Security (ICS 2006), Timisoara, Roumania, 2006.
12. Cuppens, F., Cuppens-Boulahia, N., Sans, T. and Miege, A. A formal approach to specify and deploy a network security policy. In 2nd Workshop on Formal Aspects in Security and Trust, pp. 203-218, Toulouse, France, 2004.
13. Fu, Z., Wu, S. F., Huang, H., Loh, K., Gong, F., Baldine, I., Xu, C. IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution. In Policy 2001 Workshop, pp. 39-56, 2001.
14. Hamed, H. H. and Al-Shaer, E. S. Taxonomy of conflicts in network security policies. In IEEE Communications, 44(3):134-141,2006.
15. Hassan, A. and Hudec, L. Role Based Network Security Model: A Forward Step towards Firewall Management. In Workshop On Security of Information Technologies, Algiers, 2003.
16. MITRE Corp. Common Vulnerabilities and Exposures. [Online]. Available from: http://cve.mitre.org/
17. Sandhu, R., Coyne, E. J., Feinstein, H. L., and Youman, C. E. Role-Based Access Control Models. IEEE Computer, 29(2):38-47,1996.
18. Welte, H., Kadlecsik, J., Josefsson, M., McHardy, P., and et al. The netfilter project: firewalling, nat and packet mangling for linux 2.4x and 2.6.x. [Online]. Available from: http://www.netfilter.org/