Sciweavers

DBSEC
2009

An Approach to Security Policy Configuration Using Semantic Threat Graphs

14 years 1 months ago
An Approach to Security Policy Configuration Using Semantic Threat Graphs
Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of ...
Simon N. Foley, William M. Fitzgerald
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DBSEC
Authors Simon N. Foley, William M. Fitzgerald
Comments (0)