Validation of Security Solutions for Communication Networks: A Policy-Based Approach
Authors: S. Rekhis, Baha Bennour, N. Boudriga
Published in: 2011 IEEE 10th International Symposium on Network Computing and Applications
Publication date: 2011-08-25
Publication type: Journal Article
DOI: 10.1109/NCA.2011.23 (https://doi.org/10.1109/NCA.2011.23)
Citation count: 2
Source: Semanticscholar
Typically, security solutions are defined to meet the requirements of security policies, and are configured to implement some of their rules. Approaches proposed so far in the literature to validate security solutions have merely addressed the need for: a) describing the security policy used to define and configure these solutions; b) generating executable descriptions of attack scenarios targeting the secured system; and c) verifying whether the secured systems react as expected. In this paper we develop a logic-based approach for modeling security policies and solutions based on the concept of observations, and for generating executable attack scenarios. This approach provides a unified formalism for the specification of security policies, security solutions, a library of legitimate actions and attacks, and correctness rules in the form of predicates over executions. We propose a modeling of two types of security solutions, namely passive and active solutions. We develop a Model Checker to generate executable scenarios of attacks, verify the security state of the system, and test whether the solutions react as expected to security attacks. A case study is presented to illustrate the proposal.