A Theoretical Security Model for Access Control and Security Assurance

Advanced hacker techniques make the effective defense at the network security perimeters impossible. Many security solutions are proposed by researchers and practitioners in recent years, most of them focus on how to enhance the functionality and capability of security modules, but few of them emphasize on the assurance assessments of security modules. Security assurance intends to provide a degree of confidence instead of a true measure of how secure the system is. Security assurance should be measured and controlled in the process of security management life cycle. In this paper, we propose a security model, object association binding (OAB), to unify the access control policies and to provide an objective assessment for the confidence level of network security assurance. Based on the design principles of OAB, its prototype called network security policy assistant (NSPA) is implemented.

[1]  H. Raghav Rao,et al.  Intrusion countermeasures security model based on prioritization scheme for intranet access security (emerging concepts category) , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..

[2]  Igor Kotenko,et al.  The multi-agent systems for computer network security assurance: frameworks and case studies , 2002, Proceedings 2002 IEEE International Conference on Artificial Intelligence Systems (ICAIS 2002).

[3]  H. Joseph Wen,et al.  E-enterprise security management life cycle , 2005, Inf. Manag. Comput. Security.

[4]  Markus Lorch,et al.  A new security model for collaborative environments , 2003 .

[5]  Charles L. A. Clarke,et al.  A security model for full-text file system search in multi-user environments , 2005, FAST'05.

[6]  Jean-Jacques Quisquater,et al.  Efficient and Non-interactive Timed-Release Encryption , 2005, ICICS.

[7]  Eric Maiwald,et al.  Network Security: A Beginner's Guide, Second Edition , 2003 .

[8]  Edward Roback,et al.  SP 800-12. An Introduction to Computer Security: the NIST Handbook , 1995 .

[9]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[10]  Konstantinos Chalkias,et al.  Timed Release Cryptography from Bilinear Pairings Using Hash Chains , 2006, Communications and Multimedia Security.

[11]  Pil Joong Lee,et al.  Timed-Release Encryption with Pre-open Capability and Its Application to Certified E-mail System , 2005, ISC.

[12]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[13]  Robert W. Shirey,et al.  Internet Security Glossary , 2000, RFC.

[14]  Marco Casassa Mont,et al.  The HP time vault service: exploiting IBE for timed release of confidential information , 2003, WWW '03.

[15]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[16]  Steven D. Galbraith,et al.  Implementing the Tate Pairing , 2002, ANTS.

[17]  Zhang Mi,et al.  A Security Model Design in Web Service Environment , 2005 .

[18]  Victor S. Miller,et al.  The Weil Pairing, and Its Efficient Calculation , 2004, Journal of Cryptology.

[19]  Ali Miri,et al.  Time-Based Release of Confidential Information in Hierarchical Settings , 2005, ISC.

[20]  Ivan Damgård Practical and Provably Secure Release of a Secret and Exchange of Signatures , 1993, EUROCRYPT.