DocumentCode :
1972320
Title :
A framework for translating a high level security policy into low level security mechanisms
Author :
Hassan, Ahmad A. ; Bahgat, Waleed M.
Author_Institution :
Dept. of Comput. Sci. & Inf., Taibah Univ., Taibah
fYear :
2009
fDate :
10-13 May 2009
Firstpage :
504
Lastpage :
511
Abstract :
A network security policy is enforced by several components; firewalls, Active Directory, and intrusion detection systems (IDS) are examples. Enforcing a high-level network security policy through such low-level security mechanisms raises some essential difficulties, chiefly consistency, verification, and maintenance. One approach to overcoming them is to automate the translation of the high-level security policy into low-level security mechanisms. This paper introduces a framework for such an automated translation. The framework is described in three phases. In the first phase, all network assets are categorized according to their roles in network security, and the relations between them are identified to constitute the network security model. This proposed model extends the organization-based access control (OrBAC) model to cover not only the access control policy but also other administrative security policies, such as the auditing policy; it also makes it possible to match each rule of the high-level security policy with the corresponding rules of the low-level security policy. In the second phase, the high-level security policy is mapped onto the network security model; this phase can be considered a translation of the high-level security policy into an intermediate model level. In the third phase, the intermediate model is translated automatically into low-level security mechanisms. The paper illustrates the applicability of the proposed approach through an application example.
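The three-phase pipeline the abstract outlines (categorize assets into an OrBAC-style model, instantiate the abstract policy against it, emit concrete mechanism rules) can be shown end to end in a small Python sketch. This is an added illustration, not the authors' framework or code: the organization, role, view and activity names, the hosts and subnets, the "audit" rule kind used to stand in for the paper's auditing policy, and the iptables-like output format are all assumptions made for the example. It uses the standard OrBAC derivation (Empower, Consider, Use, and a held context turn an abstract Permission or Prohibition into a concrete subject/action/object rule) and adds the consistency check a practitioner would want: any triple that is both permitted and prohibited is reported, and prohibitions are emitted before permissions so the generated rule set is deny-overrides.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AbstractRule:
    """High-level rule over organization, role, activity, view and context."""
    kind: str            # "permit", "prohibit" or "audit" (audit is an assumed extension)
    org: str
    role: str
    activity: str
    view: str
    context: str = "default"


@dataclass(frozen=True)
class ConcreteRule:
    """Low-level rule over an actual subject (source), action (proto/port) and object (target)."""
    kind: str
    subject: str
    action: str
    obj: str
    context: str


class NetworkModel:
    """Phase 1: network assets categorized by their security role (assumed structure)."""

    def __init__(self):
        self.empower = defaultdict(set)   # (org, role) -> subjects (hosts/subnets)
        self.use = defaultdict(set)       # (org, view) -> objects (hosts/subnets)
        self.consider = defaultdict(set)  # (org, activity) -> actions ("proto/port")
        self.holds = {"default"}          # contexts currently active

    def add_subject(self, org, role, subject):
        self.empower[(org, role)].add(subject)

    def add_object(self, org, view, obj):
        self.use[(org, view)].add(obj)

    def add_action(self, org, activity, action):
        self.consider[(org, activity)].add(action)


def derive(model, rules):
    """Phase 2: instantiate every abstract rule whose context holds against the model."""
    concrete = []
    for r in rules:
        if r.context not in model.holds:
            continue
        for s in sorted(model.empower[(r.org, r.role)]):
            for a in sorted(model.consider[(r.org, r.activity)]):
                for o in sorted(model.use[(r.org, r.view)]):
                    concrete.append(ConcreteRule(r.kind, s, a, o, r.context))
    return concrete


def conflicts(concrete):
    """Consistency check: triples that are both permitted and prohibited."""
    kinds = defaultdict(set)
    for c in concrete:
        kinds[(c.subject, c.action, c.obj)].add(c.kind)
    return sorted(k for k, v in kinds.items() if {"permit", "prohibit"} <= v)


def to_iptables(concrete):
    """Phase 3: emit firewall lines. LOG first (non-terminating), then DROP, then ACCEPT."""
    order = {"audit": 0, "prohibit": 1, "permit": 2}
    lines = []
    for c in sorted(concrete, key=lambda c: order[c.kind]):  # stable sort keeps derive order
        proto, port = c.action.split("/")
        base = f"iptables -A FORWARD -s {c.subject} -d {c.obj} -p {proto} --dport {port}"
        if c.kind == "audit":
            lines.append(base + f' -j LOG --log-prefix "audit-{c.context}: "')
        elif c.kind == "prohibit":
            lines.append(base + " -j DROP")
        else:
            lines.append(base + " -j ACCEPT")
    return lines


def build_example():
    """Constructed sample network and policy (all names and addresses are made up)."""
    m, org = NetworkModel(), "campus"
    m.add_subject(org, "staff_lan", "10.0.1.0/24")
    m.add_subject(org, "guest_lan", "10.0.2.0/24")
    m.add_object(org, "web_servers", "10.0.10.5")
    m.add_object(org, "web_servers", "10.0.10.6")
    m.add_object(org, "restricted", "10.0.10.6")   # overlaps web_servers: source of a conflict
    m.add_object(org, "db_servers", "10.0.20.7")
    m.add_action(org, "browse", "tcp/80")
    m.add_action(org, "browse", "tcp/443")
    m.add_action(org, "query_db", "tcp/5432")
    rules = [
        AbstractRule("permit", org, "staff_lan", "browse", "web_servers"),
        AbstractRule("permit", org, "guest_lan", "browse", "web_servers"),
        AbstractRule("prohibit", org, "guest_lan", "browse", "restricted"),
        AbstractRule("prohibit", org, "guest_lan", "query_db", "db_servers"),
        AbstractRule("audit", org, "staff_lan", "query_db", "db_servers"),
        AbstractRule("permit", org, "staff_lan", "query_db", "db_servers"),
        AbstractRule("prohibit", org, "staff_lan", "query_db", "db_servers", "maintenance"),
    ]
    return m, rules


if __name__ == "__main__":
    model, policy = build_example()
    rules = derive(model, policy)
    for triple in conflicts(rules):
        print("CONFLICT (deny overrides):", triple)
    print("\n".join(to_iptables(rules)))
```

Running it shows the guest subnet's access to 10.0.10.6 reported as a conflict (it is in both the web_servers and restricted views), and the "maintenance" prohibition does not appear until that context is added to `model.holds`, which is how a context-dependent high-level rule is switched on at the mechanism level.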
Keywords :
authorisation; computer network management; telecommunication security; active directory; firewall management; high level network security policy; intrusion detection system; organization-based access control model; Access control; Automation; Computer science; Computer security; Informatics; Intrusion detection; Maintenance engineering; Resource management; Specification languages; Network security; OrBAC model; Security management; Security modeling; Security policy;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Systems and Applications, 2009. AICCSA 2009. IEEE/ACS International Conference on
Conference_Location :
Rabat
Print_ISBN :
978-1-4244-3807-5
Electronic_ISBN :
978-1-4244-3806-8
Type :
conf
DOI :
10.1109/AICCSA.2009.5069371
Filename :
5069371