Policy Enforcement Point Model

Ben Mustapha, Yosra; Debar, Hervé; Blanc, Gregory

doi:10.1007/978-3-319-23829-6_20

Policy Enforcement Point Model

Yosra Ben Mustapha¹⁸,
Hervé Debar¹⁸ &
Gregory Blanc¹⁸

Conference paper
First Online: 08 November 2015

1265 Accesses
1 Citations

Part of the book series: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering ((LNICST,volume 152))

Abstract

As information systems become more complex and dynamic, Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) follow the same trend. It becomes thus increasingly important to model the capabilities of these PDPs and PEPs, both in terms of coverage, dependencies and scope.

In this paper, we focus on Policy Enforcement Points to model the objects on which they may enforce security constraints. This model, called the PEP Responsibility Domain (RD(PEP)), is build based on the configuration of the PEP following a bottom-up approach. This model can then be applied to multiple use cases, three of them are shown as examples in this paper, including policy evaluation and intrusion detection assessment and alert correlation.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

eXtensible Access Control Markup Language (XACML) (2003). https://www.oasis-open.org/committees/download.php/2406/oasis-xacml-1.0.pdf
Zaborovsky, V., Mulukha, V., Silinenko, E.: Access Control Model and Algebra of Firewall Rules
Google Scholar
Boutaba, R., Polyrakis, A.: Towards extensible policy enforcement points. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 247–262. Springer, Heidelberg (2001). http://dl.acm.org/citation.cfm?id=646962.712111
Chapter Google Scholar
Al-shaer, E.S., Hamed, H.H.: Discovery of policy anomalies in distributed firewalls. In: IEEE INFOCOM 2004, pp. 2605–2616 (2004)
Google Scholar
Pawlak, Z.: Rough Sets. Int. J. Inf. Comput. Sci. 11, 341–356 (1982)
Article MATH Google Scholar

Download references

Author information

Authors and Affiliations

Telecom Sudparis, SAMOVAR UMR 5157, 9 rue Charles Fourier, 91011, Evry, France
Yosra Ben Mustapha, Hervé Debar & Gregory Blanc

Authors

Yosra Ben Mustapha
View author publications
You can also search for this author in PubMed Google Scholar
Hervé Debar
View author publications
You can also search for this author in PubMed Google Scholar
Gregory Blanc
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yosra Ben Mustapha .

Editor information

Editors and Affiliations

CAS, Institute of Information Engineering CAS, Beijing, China
Jing Tian
Institute of Information Engineering, CAS, Beijing, China
Jiwu Jing
IBM Thomas J. Watson Research Center, New York, New York, USA
Mudhakar Srivatsa

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ben Mustapha, Y., Debar, H., Blanc, G. (2015). Policy Enforcement Point Model. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_20

Download citation

DOI: https://doi.org/10.1007/978-3-319-23829-6_20
Published: 08 November 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics