English

Reliable Process for Security Policy Deployment

Cryptography and Security 2009-05-12 v1 Software Engineering
Authors: Stere Preda , Nora Cuppens-Boulahia , Frederic Cuppens , Joaquin Garcia-Alfaro , Laurent Toutain
View on arXiv PDF

Abstract

We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This proposed deployment process not only simplifies the security administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.

Keywords

computer security cloud security intrusion detection

Cite

@article{arxiv.0905.1362,
  title  = {Reliable Process for Security Policy Deployment},
  author = {Stere Preda and Nora Cuppens-Boulahia and Frederic Cuppens and Joaquin Garcia-Alfaro and Laurent Toutain},
  journal= {arXiv preprint arXiv:0905.1362},
  year   = {2009}
}

Comments

12 pages

Related papers

View all related →
Cryptography and Security · Computer Science
VHDL Modeling of Intrusion Detection & Prevention System (IDPS) A Neural Network Approach
Tanusree Chatterjee, Abhishek Bhattacharya
2014-02-24
Cryptography and Security · Computer Science
Security policies for distributed systems
Jean Quilbeuf, Georgeta Igna, Denis Bytschkow, Harald Ruess
2013-10-15
Cryptography and Security · Computer Science
Efficacy of Attack detection capability of IDPS based on it's deployment in wired and wireless environment
Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia
2013-04-19
Cryptography and Security · Computer Science
A closer look at Intrusion Detection System for web applications
Nancy Agarwal, Syed Zeeshan Hussain
2018-08-14
Networking and Internet Architecture · Computer Science
IDPS: An Integrated Intrusion Handling Model for Cloud
Hassen Mohammed Alsafi, Wafaa Mustafa Abduallah, Al-Sakib Khan Pathan
2012-03-16
Cryptography and Security · Computer Science
Aggregating and Deploying Network Access Control Policies
Joaquin Garcia-Alfaro, Frederic Cuppens, Nora Cuppens-Boulahia
2008-12-18
Cryptography and Security · Computer Science
Testing Security Policies for Distributed Systems: Vehicular Networks as a Case Study
Mohamed H. E. Aouadi, Khalifa Toumi, Ana Cavalli
2014-10-22
Cryptography and Security · Computer Science
Detection of Configuration Vulnerabilities in Distributed (Web) Environments
Matteo Maria Casalino, Michele Mangili, Henrik Plate, Serena Elisa Ponta
2012-07-13
Cryptography and Security · Computer Science
Globally reasoning about localised security policies in distributed systems
Alejandro Mario Hernandez
2012-05-30
Cryptography and Security · Computer Science
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks
Pedro Manso, Jose Moura, Carlos Serrao
2021-04-16
Cryptography and Security · Computer Science
A Robust and Fault-Tolerant Distributed Intrusion Detection System
Jaydip Sen
2021-09-07
Cryptography and Security · Computer Science
A formal methodology for integral security design and verification of network protocols
Jesus Diaz, David Arroyo, Francisco B. Rodriguez
2013-10-29
Software Engineering · Computer Science
On Properties of Policy-Based Specifications
Andrea Margheri, Rosario Pugliese, Francesco Tiezzi
2015-08-18
Cryptography and Security · Computer Science
Threshold Verification Technique for Network Intrusion Detection System
M. A. Faizal, M. Mohd Zaki, S. Shahrin, Y. Robiah +2
2009-06-23
Cryptography and Security · Computer Science
A Review of Intrusion Detection Systems and Their Evaluation in the IoT
Luca Arnaboldi, Charles Morisset
2021-05-19
Cryptography and Security · Computer Science
Reconfigurable Edge Hardware for Intelligent IDS: Systematic Approach
Wadid Foudhaili, Anouar Nechi, Celine Thermann, Mohammad Al Johmani +3
2024-04-18
Cryptography and Security · Computer Science
A Policy based Security Architecture for Software Defined Networks
Vijay Varadharajan, Kallol Karmakar, Uday Tupakula, Michael Hitchens
2018-06-07
Cryptography and Security · Computer Science
WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines
Wojciech Ozga, Do Le Quoc, Christof Fetzer
2021-07-07
Networking and Internet Architecture · Computer Science
Penetration Testing: A Roadmap to Network Security
Nitin A. Naik, Gajanan D. Kurundkar, Santosh D. Khamitkar, Namdeo V. Kalyankar
2009-12-26
Cryptography and Security · Computer Science
A Security Policy Model Transformation and Verification Approach for Software Defined Networking
Yunfei Meng, Zhiqiu Huang, Guohua Shen, Changbo Ke
2020-06-01
Networking and Internet Architecture · Computer Science
Provably Secure Networks: Methodology and Toolset for Configuration Management
Cornelius Diekmann
2017-08-29
Cryptography and Security · Computer Science
A Practical Runtime Security Policy Transformation Framework for Software Defined Networks
Yunfei Meng, Changbo Ke, Zhiqiu Huang, Guohua Shen +2
2023-01-11
Cryptography and Security · Computer Science
Systematic review of automatic translation of high-level security policy into firewall rules
Ivan Kovačević, Bruno Štengl, Stjepan Groš
2022-12-08
Cryptography and Security · Computer Science
Effectiveness of Intrusion Prevention Systems (IPS) in Fast Networks
Muhammad Imran Shafi, Muhammad Akram, Sikandar Hayat, Imran Sohail
2010-06-24
Software Engineering · Computer Science
An overview to Software Architecture in Intrusion Detection System
Mehdi Bahrami, Mohammad Bahrami
2014-03-06
R2 v1 2026-06-21T12:59:55.289Z