  • DocumentCode
    2336359
  • Title
    Towards Automatic Creation of Usable Security Configuration
  • Author
    Zhang, Bin ; Al-Shaer, Ehab
  • Author_Institution
    AssurableNet Res. Center, DePaul Univ., Chicago, IL, USA
  • fYear
    2010
  • fDate
    14-19 March 2010
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    The objective of this work is to create usable security architecture that will minimize network risk while considering usability and budget. We propose and formulate a novel framework for automatic creation of network security architecture including configuration rules and device placements in order to minimize risk while satisfying the business requirements, service usability and budget constraints. Our framework also automates the creation of external and internal Demilitarized Zones (DMZ) to improve security by increasing isolation. We formalize this as an optimization problem and show that it is NP-hard. We then provide heuristic approximation algorithms. The implemented systems, called SecBuilder, were evaluated under different network sizes, topologies and security requirements. Our evaluation study shows that the results obtained by SecBuilder are close to the theoretical lower bound and the performance is scalable with the network size.
  • Keywords
    computer network security; heuristic programming; optimisation; DMZ; NP-hard problems; budget constraints; network security architecture; optimization problem; security configuration; towards automatic creation; Approximation algorithms; Communications Society; Computer architecture; Computer security; Costs; Heuristic algorithms; Information security; Network topology; USA Councils; Usability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM, 2010 Proceedings IEEE
  • Conference_Location
    San Diego, CA
  • ISSN
    0743-166X
  • Print_ISBN
    978-1-4244-5836-3
  • Type
    conf
  • DOI
    10.1109/INFCOM.2010.5462215
  • Filename
    5462215