Traditional network security technologies such as firewalls and intrusion detection systems usually work according to a static ruleset only. We believe that a better approach to network security can be achieved if we use quantified levels of risk as an input. In this paper, we describe a dynamic access control architecture which uses risk to determine whether to allow or deny access by a source connection into the network. A simulation of our architecture shows favorable and promising results.
Security policy management is critical to meet organizational needs and reduce potential risks because almost every organization depends on computer networks and the Internet for their daily operations. It is therefore important to specify and enforce security policies effectively. However, as organizations grow, so do their networks, increasing the difficulty of deploying a security policy, especially across heterogeneous systems. In this paper, we introduce a policy framework called Chameleos-x which is designed to enforce security policies consistently across security-aware systems with network services, primarily operating systems, firewalls, and intrusion detection systems. Throughout this paper, we focus on the design and architecture of Chameleos-x and demonstrate how our policy framework helps organizations implement security policies in changing, diversity-rich environments. We also describe our experimentation with Chameleos-x to demonstrate the feasibility of the proposed approach.