Abstract
As information systems become more complex and dynamic, Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) follow the same trend. It becomes thus increasingly important to model the capabilities of these PDPs and PEPs, both in terms of coverage, dependencies and scope.
In this paper, we focus on Policy Enforcement Points to model the objects on which they may enforce security constraints. This model, called the PEP Responsibility Domain (RD(PEP)), is build based on the configuration of the PEP following a bottom-up approach. This model can then be applied to multiple use cases, three of them are shown as examples in this paper, including policy evaluation and intrusion detection assessment and alert correlation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
eXtensible Access Control Markup Language (XACML) (2003). https://www.oasis-open.org/committees/download.php/2406/oasis-xacml-1.0.pdf
Zaborovsky, V., Mulukha, V., Silinenko, E.: Access Control Model and Algebra of Firewall Rules
Boutaba, R., Polyrakis, A.: Towards extensible policy enforcement points. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 247–262. Springer, Heidelberg (2001). http://dl.acm.org/citation.cfm?id=646962.712111
Al-shaer, E.S., Hamed, H.H.: Discovery of policy anomalies in distributed firewalls. In: IEEE INFOCOM 2004, pp. 2605–2616 (2004)
Pawlak, Z.: Rough Sets. Int. J. Inf. Comput. Sci. 11, 341–356 (1982)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ben Mustapha, Y., Debar, H., Blanc, G. (2015). Policy Enforcement Point Model. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-23829-6_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer ScienceComputer Science (R0)