A Graph-Based Approach for Managing Enterprise Information System Security

被引：0

作者：

Sengupta, Anirban ^{[1
]}

Manna, Asmita ^{[1
]}

Mazumdar, Chandan ^{[2
]}

机构：

[1] Jadavpur Univ, Ctr Distributed Comp, Kolkata, India

[2] Jadavpur Univ, Dept Comp Sci & Engn, Kolkata, India

来源：

2013 INTERNATIONAL CONFERENCE ON CLOUD & UBIQUITOUS COMPUTING & EMERGING TECHNOLOGIES (CUBE 2013) | 2013年

关键词：

Access control graph; Enterprise information system graph; Enterprise security modeling; Managerial vulnerability; Security policy;

D O I：

10.1109/CUBE.2013.33

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

An enterprise information system consists of assets and their inter-relationships. These inter-relationships are manifested in the connection of hardware assets in network architecture, or in the installation of software and information assets in hardware. Security policies are used to specify and control access to enterprise assets. Inter-relationships of assets, along with improper specification of policies, can lead to managerial vulnerabilities in the enterprise information system. Threats may exploit these vulnerabilities to breach the security of sensitive assets. This paper discusses a graph-based methodology for the specification of Enterprise Information Systems. The methodology captures enterprise information security requirements, helps specify security policies, and detects managerial vulnerabilities in enterprise information systems.

引用

页码：137 / +

页数：3

共 50 条

[1] A Graph-Based Approach for Analysis of Software Security
Lunkeit, Armin
RISK ASSESSMENT AND RISK-DRIVEN TESTING, RISK 2013, 2014, 8418 : 68 - 79
[2] PRIMROSe: A Graph-Based Approach for Enterprise Architecture Analysis
Naranjo, David
Sanchez, Mario
Villalobos, Jorge
ENTERPRISE INFORMATION SYSTEMS, ICEIS 2014, 2015, 227 : 434 - 452
[3] A graph-based information retrieval system
Thammasut, Duangjai
Sornil, Ohm
2006 INTERNATIONAL SYMPOSIUM ON COMMUNICATIONS AND INFORMATION TECHNOLOGIES,VOLS 1-3, 2006, : 793 - +
[4] Extending Attack Graph-Based Metrics for Enterprise Network Security Management
Bopche, Ghanshyam S.
Mehtre, Babu M.
PROCEEDINGS OF 3RD INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING, NETWORKING AND INFORMATICS, ICACNI 2015, VOL 2, 2016, 44 : 315 - 325
[5] Managing Uncertainty in Conceptual Graph-Based Soft Information Fusion
Fossier, Simon
Laudy, Claire
Pichon, Frederic
2013 16TH INTERNATIONAL CONFERENCE ON INFORMATION FUSION (FUSION), 2013, : 930 - 937
[6] NetSecuritas: An Integrated Attack Graph-based Security Assessment Tool for Enterprise Networks
Ghosh, Nirnay
Chokshi, Ishan
Sarkar, Mithun
Ghosh, Soumya K.
Kaushik, Anil Kumar
Das, Sajal K.
PROCEEDINGS OF THE 16TH INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING AND NETWORKING, 2015,
[7] A graph-based system for managing configurations of engineering design documents
Westfechtel, B
INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 1996, 6 (04) : 549 - 583
[8] AHEAD:: A graph-based system for modeling and managing development processes
Jäger, D
Schleicher, A
Westfechtel, B
APPLICATIONS OF GRAPH TRANSFORMATIONS WITH INDUSTRIAL RELEVANCE, PROCEEDINGS, 2000, 1779 : 325 - 339
[9] An attack graph-based probabilistic computing approach of network security
Ye Y.
Xu X.-S.
Jia Y.
Qi Z.-C.
Jisuanji Xuebao/Chinese Journal of Computers, 2010, 33 (10): : 1987 - 1996
[10] Distances of Centroid Sets in a Graph-Based Construction for Information Security Applications
Abawajy J.
Kelarev A.V.
Miller M.
Ryan J.
Mathematics in Computer Science, 2015, 9 (2) : 127 - 137

← 1 2 3 4 5 →