HERMES: A high-level policy language for high-granularity enterprise-wide secure browser configuration management

2016 IEEE Symposium Series on Computational Intelligence (SSCI) Pub Date : 2016-12-01 DOI:10.1109/SSCI.2016.7849914

Ananth A. Jillepalli, D. Leon, Stuart Steiner, Frederick T. Sheldon

{"title":"HERMES: A high-level policy language for high-granularity enterprise-wide secure browser configuration management","authors":"Ananth A. Jillepalli, D. Leon, Stuart Steiner, Frederick T. Sheldon","doi":"10.1109/SSCI.2016.7849914","DOIUrl":null,"url":null,"abstract":"In this article, we describe the characteristics, structure, and uses of HERMES. HERMES is a high-level security policy description language. Its characteristics are: (1) enable the specification of organizational domain knowledge in a hierarchical manner; (2) enable the specification of security policies at desired granularity levels within the organizational IT and OT infrastructure; (3) enable security policies to be automatically instantiated into security configurations; (4) it is human-centered and designed for ease of use; (5) it is application and device independent. We show an example of using HERMES to write a high-level policy and show examples of how such policy can be instantiated into a domain and device, user and role, application and action specific security configuration. We also describe the integration of HERMES within the HiFiPol:Browser policy management system. We believe HERMES is a necessary step toward securing the client side of the web ecosystem and prevent or mitigate the current onslaught of web browser-based attacks, such as phishing.","PeriodicalId":120288,"journal":{"name":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSCI.2016.7849914","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

In this article, we describe the characteristics, structure, and uses of HERMES. HERMES is a high-level security policy description language. Its characteristics are: (1) enable the specification of organizational domain knowledge in a hierarchical manner; (2) enable the specification of security policies at desired granularity levels within the organizational IT and OT infrastructure; (3) enable security policies to be automatically instantiated into security configurations; (4) it is human-centered and designed for ease of use; (5) it is application and device independent. We show an example of using HERMES to write a high-level policy and show examples of how such policy can be instantiated into a domain and device, user and role, application and action specific security configuration. We also describe the integration of HERMES within the HiFiPol:Browser policy management system. We believe HERMES is a necessary step toward securing the client side of the web ecosystem and prevent or mitigate the current onslaught of web browser-based attacks, such as phishing.

查看原文本刊更多论文

HERMES:用于高粒度企业级安全浏览器配置管理的高级策略语言

在本文中，我们将描述HERMES的特点、结构和用途。HERMES是一种高级安全策略描述语言。它的特点是:(1)能够以层次的方式规范组织领域知识;(2)在组织的IT和OT基础设施中，在所需的粒度级别上规范安全策略;(3)使安全策略能够自动实例化到安全配置中;(4)以人为本，便于使用;(5)与应用和设备无关。我们展示了一个使用HERMES编写高级策略的示例，并展示了如何将此类策略实例化为特定于域和设备、用户和角色、应用程序和操作的安全配置的示例。我们还描述了HERMES在HiFiPol:Browser策略管理系统中的集成。我们相信HERMES是确保网络生态系统客户端安全的必要步骤，并防止或减轻当前基于浏览器的攻击，如网络钓鱼。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE Symposium Series on Computational Intelligence (SSCI)

自引率

0.00%

发文量