PRISM: A Preventive and Risk-Reducing Integrated Security Management Model Using Security Label

The Journal of Supercomputing

Abstract

Automated security management that integrates various security systems is strongly required because cyber attacks are evolving day by day. Moreover, attacks are becoming more complex and intelligent than in the past. Several integrated security management (ISM) models have been proposed and implemented to meet these requirements. However, current ISM is passive and behaves in a post-event manner. To reduce the costs and resources needed for managing security and to remove the possibility of an intruder succeeding in an attack, preventive security management technology is strongly required. This paper proposes the PRISM model, which is based on tracing important assets in a managed network and performs preventive security management before security incidents occur. Additionally, the PRISM model employs security labels to deploy differentiated security measures. PRISM will provide concrete and effective security management for the organization’s network.



Author information

Corresponding author

Correspondence to D. S. Kim.

About this article

Cite this article

Kim, D.S., Jung, Y.J. & Chung, T.M. PRISM: A Preventive and Risk-Reducing Integrated Security Management Model Using Security Label. J Supercomput 33, 103–121 (2005). https://doi.org/10.1007/s11227-005-0224-0

  • DOI: https://doi.org/10.1007/s11227-005-0224-0
