Logic-based methodology to help security architects in eliciting high-level network security requirements

Cited by: 0
Authors
Laborde, Romain [1]
Bulusu, Sravani Teja [1]
Wazan, Ahmad Samer [1]
Barrere, Francois [1]
Benzekri, Abdelmalek [1]
Affiliation
[1] Univ Paul Sabatier, Toulouse, France
Keywords
Network Security Requirements; Security Zoning; Integrity Model; Answer Set Programming;
DOI
10.1145/3297280.3297437
Chinese Library Classification (CLC) number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
In this paper, we propose a security methodology that automates the process of security zone specification and high-level network security requirements elicitation. We define a set of formalized rules derived from the principles of complete mediation, least privileges and the Clark-Wilson lite formal model, making our approach traceable and verifiable. We implemented the methodology in Answer Set Programming to automatically compute an optimal network security zone model considering the cost of the security solution. A use case study of an e-commerce enterprise network infrastructure illustrates our methodology.
Pages: 1610-1619
Number of pages: 10