Sciweavers

DIMVA
2009

A Service Dependency Modeling Framework for Policy-Based Response Enforcement

14 years 1 months ago
A Service Dependency Modeling Framework for Policy-Based Response Enforcement
The use of dynamic access control policies for threat response adapts local response decisions to high level system constraints. However, security policies are often carefully tightened during system design-time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple configuration changes on multiple services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response policy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability o...
Nizar Kheir, Hervé Debar, Fréd&eacut
Added 09 Nov 2010
Updated 09 Nov 2010
Type Conference
Year 2009
Where DIMVA
Authors Nizar Kheir, Hervé Debar, Frédéric Cuppens, Nora Cuppens-Boulahia, Jouni Viinikka
Comments (0)