Logic-based methodology to help security architects in eliciting high-level network security requirements

被引:0
|
作者
Laborde, Romain [1 ]
Bulusu, Sravani Teja [1 ]
Wazan, Ahmad Samer [1 ]
Barrere, Francois [1 ]
Benzekri, Abdelmalek [1 ]
机构
[1] Univ Paul Sabatier, Toulouse, France
来源
SAC '19: PROCEEDINGS OF THE 34TH ACM/SIGAPP SYMPOSIUM ON APPLIED COMPUTING | 2019年
关键词
Network Security Requirements; Security Zoning; Integrity Model; Answer Set Programming;
D O I
10.1145/3297280.3297437
中图分类号
TP39 [计算机的应用];
学科分类号
081203 ; 0835 ;
摘要
In this paper(1), we propose a security methodology that automates the process of security zone specification and high-level network security requirements elicitation. We define a set of formalized rules derived from the principles of complete mediation, least privileges and the Clark-Wilson lite formal model making our approach traceable and verifiable. We implemented the methodology in Answer Set Programming to automatically compute an optimal network security zone model considering the cost of the security solution. A use case study of an e-commerce enterprise network infrastructure illustrates our methodology.
引用
收藏
页码:1610 / 1619
页数:10
相关论文
共 50 条
  • [31] High-Level Security Services based on a Hardware NoC Firewall Module
    Grammatikakis, Miltos D.
    Petrakis, Polydoros
    Papagrigoriou, Antonis
    Kornaros, George
    Coppola, Marcello
    2015 12TH INTERNATIONAL WORKSHOP ON INTELLIGENT SOLUTIONS IN EMBEDDED SYSTEMS (WISES), 2015, : 73 - 78
  • [32] Methodology for Specification and Verification of High-Level Requirements with MetAcsl
    Robles, Virgile
    Kosmatov, Nikolai
    Prevosto, Virgile
    Rilling, Louis
    Le Gall, Pascale
    2021 IEEE/ACM 9TH INTERNATIONAL CONFERENCE ON FORMAL METHODS IN SOFTWARE ENGINEERING (FORMALISE 2021), 2021, : 54 - 67
  • [33] High-Level Security Approach in Wireless Sensor Network using Cluster Based Dynamic Keying Technique
    Ul Nisa, Khair
    Qureshi, Mujtaba Ashraf
    Ahmad, Aijaz
    JOURNAL OF ALGEBRAIC STATISTICS, 2022, 13 (02) : 1523 - 1532
  • [34] A methodology to measure the security level of a data provider network
    Llorens, C
    Serhrouchni, A
    ANNALS OF TELECOMMUNICATIONS, 2005, 60 (11-12) : 1439 - 1465
  • [35] A novel logic-based automatic approach to constructing compliant security policies
    Bao YiBao
    Yin LiHua
    Fang BinXing
    Guo Li
    SCIENCE CHINA-INFORMATION SCIENCES, 2012, 55 (01) : 149 - 164
  • [36] A temporal logic-based model for forensic investigation in networked system security
    Rekhis, S
    Boudriga, N
    COMPUTER NETWORK SECURITY, PROCEEDINGS, 2005, 3685 : 325 - 338
  • [37] A novel logic-based automatic approach to constructing compliant security policies
    BAO YiBao1
    2Institute of Electronic Technology
    3Beijing University of Posts and Telecommunications
    4Graduate University
    ScienceChina(InformationSciences), 2012, 55 (01) : 149 - 164
  • [38] Macaron: A Logic-based Framework for Software Supply Chain Security Assurance
    Hassanshahi, Behnaz
    Mai, Trong Nhan
    Michael, Alistair
    Selwyn-Smith, Benjamin
    Bates, Sophie
    Krishnan, Padmanabhan
    PROCEEDINGS OF THE 2023 WORKSHOP ON SOFTWARE SUPPLY CHAIN OFFENSIVE RESEARCH AND ECOSYSTEM DEFENSES, SCORED 2023, 2023, : 29 - 37
  • [39] A novel logic-based automatic approach to constructing compliant security policies
    YiBao Bao
    LiHua Yin
    BinXing Fang
    Li Guo
    Science China Information Sciences, 2012, 55 : 149 - 164
  • [40] A New Method of Fuzzy Logic-Based Steganography for the Security of Medical Images
    Karakis, Rukiye
    Capraz, Irem
    Bilir, Erhan
    Guler, Inan
    2015 23RD SIGNAL PROCESSING AND COMMUNICATIONS APPLICATIONS CONFERENCE (SIU), 2015, : 272 - 275
12345