VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security

The security perimeter, which once was simply defined as the fence around the premises of an organisation, is becoming increasingly flexible and adaptable to the environment and the circumstances. We call this process re-perimeterisation (ReP). The effects of ReP are felt in the digital domain (where data moves from organisation to organisation through networks), the social domain (where one individual may play a variety of roles in cooperating organisations) and the physical domain (where appliances such as mobile phones and laptops move around). ReP brings about new security risks because of the difficulty of keeping the domains aligned. For example, stealing a laptop (social domain) with a motion sensor triggers an alarm (physical domain), which then selects a security policy that blocks access to all sensitive data (digital domain). By making the security perimeter explicit in business processes, security policies and security mechanisms, we intend to foster alignment of the three domains. This would then mitigate the risks of ReP.

[1]  Gabriele Lenzini,et al.  Integration of Analysis Techniques in Security and Fault-Tolerance , 2005 .

[2]  Pieter H. Hartel,et al.  Efficient Tree Search in Encrypted Data , 2004, Inf. Secur. J. A Glob. Perspect..

[3]  Pieter H. Hartel,et al.  A Diffie-Hellman based Key Management Scheme for Hierarchical Access Control , 2005 .

[4]  Victoria Ungureanu,et al.  Establishing Business Rules for Inter-Enterprise Electronic Commerce , 2000, DISC.

[5]  V. Nunes Leal Franqueira Access Control from an Intrusion Detection Perspective , 2006 .

[6]  Graham Palmer,et al.  De-Perimeterisation: Benefits and limitations , 2005, Inf. Secur. Tech. Rep..

[7]  Rik Eshuis,et al.  Verification support for workflow design with UML activity graphs , 2002, ICSE '02.

[8]  Heiko Krumm,et al.  Policy modeling and refinement for network security systems , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[9]  Andreas Schaad,et al.  Delegation of obligations , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[10]  Pieter H. Hartel,et al.  POSEIDON: a 2-tier anomaly-based network intrusion detection system , 2006, Fourth IEEE International Workshop on Information Assurance (IWIA'06).

[11]  Roel Wieringa,et al.  Design methods for reactive systems - Yourdon, Statemate, and the UML , 2003 .

[12]  Richard Sharp,et al.  The Case for Abstracting Security Policies , 2003, Security and Management.

[13]  Nirvana Meratnia,et al.  WLAN Location Sharing through a Privacy Observant Architecture , 2006, 2006 1st International Conference on Communication Systems Software & Middleware.

[14]  Roel Wieringa,et al.  Requirements Engineering: Frameworks for Understanding , 1996 .

[15]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[16]  Andreas Schaad,et al.  The Incorporation of Control Principles into Access Control Policies , 2001 .

[17]  David J. Scott,et al.  Spatial Security Policies for Mobile Agents in a Sentient Computing Environment , 2003, FASE.

[18]  Jaap Gordijn,et al.  Risk-Driven Conceptual Modeling of Outsourcing Decisions , 2004, ER.

[19]  J. V. Bon It Service Management: An Introduction: Based on Itil (Japanese Version) , 2002 .

[20]  Jerry den Hartog,et al.  An audit logic for accountability , 2005, Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05).

[21]  Jaap Gordijn,et al.  Value-Based Business-IT Alignment in Networked Constellations of Enterprises , 2005 .

[22]  Ricardo Corin,et al.  Analysis Models for Security Protocols , 2006 .

[23]  Pieter H. Hartel,et al.  Formalizing the safety of Java, the Java virtual machine, and Java card , 2001, CSUR.

[24]  Yee Wei Law,et al.  Key management and link-layer security of wireless sensor networks : Energy-efficient attack and defense , 2005 .

[25]  Dieter Fensel,et al.  A Survey of Languages for Specifying Dynamics: A Knowledge Engineering Perspective , 2001, IEEE Trans. Knowl. Data Eng..

[26]  Roberto Guadalupe Santana Tapia IT process architectures for enterprises development: A survey from a maturity model perspective , 2006 .

[27]  Marc M. Lankhorst Enterprise Architecture at Work - Modelling, Communication and Analysis, 3rd Edition , 2005, The Enterprise Engineering Series.

[28]  J. Davenport Editor , 1960 .

[29]  Sandro Etalle,et al.  Transformations of CCP programs , 2001, TOPL.

[30]  Cheun Ngen Chong Experiments in rights control : expression and enforcement , 2005 .

[31]  Roel Wieringa,et al.  Regular database update logics , 2001, Theor. Comput. Sci..

[32]  Roel Wieringa,et al.  Project Graal: Towards Operational Architecture Alignment , 2004, Int. J. Cooperative Inf. Syst..

[33]  Pieter H. Hartel,et al.  Modelling mobility aspects of security policies (Invited paper) , 2004 .

[34]  Indrakshi Ray,et al.  Towards a location-based mandatory access control model , 2006, Comput. Secur..