A Service Dependency Modeling Framework for Policy-Based Response Enforcement

Authors: Nizar Kheir, Hervé Debar, Frédéric Cuppens, Nora Cuppens-Boulahia, Jouni Viinikka

DOI: 10.1007/978-3-642-02918-9_11

Abstract: The use of dynamic access control policies for threat response adapts local decisions to high level system constraints. However, security policies are often carefully tightened during design-time, and the large number of service dependencies in a system architecture makes their adaptation difficult. The enforcement of a single rule requires performing multiple configuration changes on services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a rule. It automatically derives elementary rules from the generic access control, either allowed or denied by the policy, so they can be locally managed by PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is defined using the Architecture Analysis and Design Language, which provides formal concepts for modeling system architectures. This paper presents a systematic treatment of the dependency model, which aims to apply policy rules while minimizing configuration changes and reducing resource consumption.
