Dmitry Chernyavskiy
ABSTRACT
Security policy is a main mechanism of information security management. While there are a lot of security-related standards and guidelines which specify requirements for high-level security policies, implementation of network security policy still depends on interfaces provided by network security systems (NSS). Obviously, diversity of policy representation languages affects efficiency of policy deployment process. The paper proposes a concept of unification of policy rules for NSSs as a solution for the problem. The idea is based on a formal language which makes it possible to formalize network security policies independently of particular NSSs.
- ISO/IEC 27002:2005 Information technology -- Security techniques -- Code of practice for information security management.Google Scholar
- ISO/TR 13569:2005 Financial services -- Information security guidelines.Google Scholar
- ISO/IEC 15408--1:2009 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general model.Google Scholar
- M.A. Harrison. Introduction to formal language theory. Addison-Wesley Longman Publishing Company, Boston, 1978. Google ScholarDigital Library
- D. Chernyavskiy and N. Miloslavskaya. Unified Language for Network Security Policy Implementation. In The Seventh International Conference on Networking and Services, pages 136--140. IARIA, May 2011.Google Scholar
- RFC 791 Internet Protocol. DOI = http://www.ietf.org/rfc/rfc791.txt.Google Scholar
- RFC 793 Transmission Control Protocol, DOI = http://www.ietf.org/rfc/rfc793.txt.Google Scholar
- Check Point Management Interface API Specification. DOI = http://www.opsec.com/cp_products/opsec_sdk.html.Google Scholar
- C. Alm and M. Drouineaud. Analysis of Existing Policy Languages. Technical report, ORKA Consortium, June 2007.Google Scholar
- W. Zhou, Y. Mao, B. T. Loo and M. Abadi. Unified Declarative Platform for Secure Networked Information Systems. In IEEE 25th International Conference on Data Engineering, pages 150--161. 2009. Google ScholarDigital Library
- T. Hinrichs, N. Gude, M. Casado, J. Mitchell and S. Shenker. Expressing and Enforcing Flow-Based Network Security Policies. Technical report, University of Chicago. 2009.Google Scholar
- A.A. Hassan and W. M. Bahgat. A Framework for Translating A High Level Security Policy into Low Level Security Mechanisms. Journal of Electrical Engineering, 61(1): 20--28, 2010.Google ScholarCross Ref
- F. Cuppens, N. Cuppens-Boulahia, T. Sans and A. Miμege. A Formal Approach to Specify and Deploy a Network Security Policy. In Formal Aspects in Security and Trust, pages 203--218. 2004.Google Scholar
- D. Jiao, L. Liu, S. Ma, and X. Wang. Research on Security Policy and Framework. In The Second International Symposium on Networking and Network Security, pages 214--217. Academy Publisher, April 2010.Google Scholar
Index Terms
- A concept of unification of network security policies
Recommendations
Compliance with Information Security Policies: An Empirical Investigation
The insignificant relationship between rewards and actual compliance with information security policies does not make sense. Quite possibly this relationship results from not applying rewards for security compliance.
Analyzing consistency of security policies
SP '97: Proceedings of the 1997 IEEE Symposium on Security and PrivacyAbstract: We discuss the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation which specifies what actions some agents are permitted, obliged or forbidden to perform ...
Practice-based discourse analysis of information security policies
We propose tentative quality criteria for design of information security policies.The criteria emphasise information security policies as useful tools for employees.The criteria are anchored in practice-based discourse analysis.We illustrate the ...
Comments