An Approach to Security Policy Configuration Using Semantic Threat Graphs

Authors: Simon N. Foley, William M. Fitzgerald

DOI: 10.1007/978-3-642-03007-9_3

Abstract: Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness may be constrained by poor understanding and/or management of overall policy requirements, which may, in turn, unnecessarily expose to known threats. This paper proposes a threat approach, whereby knowledge about mitigating countermeasures is used to guide autonomic mechanisms. modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and automated recommendations made based on catalogues of best-practice
