Abstract
Existing policy refinement methods in computer network defense (CND) support only the refinement of access control policy, not the policies of protection, detection, response, and recovery. To solve this problem, we constructed a computer network defense policy refinement model and its formal specification, and designed a defense policy refinement algorithm. Finally, the effectiveness of our methods was verified through an experimental case composing policies for intrusion detection, vulnerability detection, and access control.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wei, Z., Lv, Y., Xia, C., Luo, Y., Wei, Q. (2013). A Computer Network Defense Policy Refinement Method. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds) Frontiers in Internet Technologies. Communications in Computer and Information Science, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53959-6_12
DOI: https://doi.org/10.1007/978-3-642-53959-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-53958-9
Online ISBN: 978-3-642-53959-6
eBook Packages: Computer Science (R0)