
Policy-Based Proactive Monitoring of Security Policy Performance

  • Conference paper
Computer Network Security (MMM-ACNS 2007)

Abstract

One of the topical tasks of policy-based security management is checking that the security policy stated in an organization corresponds to its implementation in the computer network. The paper considers a suggested approach to proactive monitoring of security policy performance and of the functioning of security mechanisms. This approach is based on different strategies for automatically imitating possible users’ actions in the computer network, including exhaustive search, express-analysis and generation of optimized test sequences. It is applicable to different security policies (authentication, authorization, filtering, communication channel protection, etc.). The paper describes the stages, generalized algorithms and main peculiarities of the suggested approach and the formal methods used to optimize the test sequences. We consider the generalized architecture of the developed proactive monitoring system “Proactive security scanner” (PSC), its implementation and an example of policy testing.




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bogdanov, V., Kotenko, I. (2007). Policy-Based Proactive Monitoring of Security Policy Performance. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds) Computer Network Security. MMM-ACNS 2007. Communications in Computer and Information Science, vol 1. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73986-9_17


  • DOI: https://doi.org/10.1007/978-3-540-73986-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73985-2

  • Online ISBN: 978-3-540-73986-9

  • eBook Packages: Computer Science (R0)
