A Security Management Information Model Derivation Framework: From Goals to Configurations

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider. We propose in this article a global and formal framework which models the network security management information from the security goals to the security mechanisms configurations. The process is divided into three steps. First, the security goals are specified and the specification consistency is checked. Secondly, the network security tactics are defined. An evaluation method guarantees the consistency and the correctness against the security goals. Finally, the framework verifies that the network security tactics can be enforced by the real security mechanisms.

[1]  Bengt Jonsson,et al.  CONCUR ’94: Concurrency Theory , 1994, Lecture Notes in Computer Science.

[2]  Andrea Westerinen,et al.  Terminology for Policy-Based Management , 2001, RFC.

[3]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[4]  Ehab Al-Shaer,et al.  Discovery of policy anomalies in distributed firewalls , 2004, IEEE INFOCOM 2004.

[5]  He Huang,et al.  IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution , 2001, POLICY.

[6]  Bassem Nasser,et al.  Network Security Management: A Formal Evaluation Tool Based on RBAC Policies , 2004, Net-Con.

[7]  Matt Bishop,et al.  Computer Security: Art and Science , 2002 .

[8]  Roch Guérin,et al.  A Framework for Policy-based Admission Control , 2000, RFC.

[9]  Joshua D. Guttman,et al.  Rigorous automated network security management , 2005, International Journal of Information Security.

[10]  Morris Sloman,et al.  Policies Hierarchies for Distributed Systems Management , 1993, IEEE J. Sel. Areas Commun..

[11]  Avishai Wool,et al.  Firmato: a novel firewall management toolkit , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[12]  Jonathan D. Moffett,et al.  Control principles and role hierarchies , 1998, RBAC '98.

[13]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[14]  Kurt Jensen,et al.  An Introduction to the Theoretical Aspects of Coloured Petri Nets , 1993, REX School/Symposium.

[15]  David A. Bell,et al.  Secure computer systems: mathematical foundations and model , 1973 .

[16]  Bassem Nasser,et al.  A Formal Approach for the Evaluation of Network Security Mechanisms Based on RBAC Policies , 2005, Electron. Notes Theor. Comput. Sci..

[17]  D. E. Bell,et al.  Secure Computer Systems : Mathematical Foundations , 2022 .