Security Checker Architecture for Policy-Based Security Management

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Abstract

Policy-based management systems are now the object of sustained attention in network security theory and applications. Because of the complex structure of subject role hierarchies, target grouping, and mutual dependence of actions, security policy conflicts are difficult to detect and resolve. Moreover, an initially consistent policy ruleset may come to contain inconsistent or unenforceable rules during the system lifecycle. The paper presents the architecture of the Security Checker module (intended for the disclosure and resolution of policy conflicts) and illustrates conflict detection based on event calculus.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Tishkov, A., Kotenko, I., Sidelnikova, E. (2005). Security Checker Architecture for Policy-Based Security Management. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_40

  • DOI: https://doi.org/10.1007/11560326_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer Science, Computer Science (R0)
