Title :
Towards Automatic Creation of Usable Security Configuration
Author :
Zhang, Bin ; Al-Shaer, Ehab
Author_Institution :
AssurableNet Res. Center, DePaul Univ., Chicago, IL, USA
Abstract :
The objective of this work is to create usable security architecture that will minimize network risk while considering usability and budget. We propose and formulate a novel framework for automatic creation of network security architecture including configuration rules and device placements in order to minimize risk while satisfying the business requirements, service usability and budget constraints. Our framework also automates the creation of external and internal Demilitarized Zones (DMZ) to improve security by increasing isolation. We formalize this as an optimization problem and show that it is NP-hard. We then provide heuristic approximation algorithms. The implemented systems, called SecBuilder, were evaluated under different network sizes, topologies and security requirements. Our evaluation study shows that the results obtained by SecBuilder are close to the theoretical lower bound and the performance is scalable with the network size.
Keywords :
computer network security; heuristic programming; optimisation; DMZ; NP-hard problems; budget constraints; network security architecture; optimization problem; security configuration; towards automatic creation; Approximation algorithms; Communications Society; Computer architecture; Computer security; Costs; Heuristic algorithms; Information security; Network topology; USA Councils; Usability;
Conference_Titel :
INFOCOM, 2010 Proceedings IEEE
Conference_Location :
San Diego, CA
Print_ISBN :
978-1-4244-5836-3
DOI :
10.1109/INFCOM.2010.5462215
