Model-Driven Security Policy Deployment: Property Oriented Approach

Preda, Stere; Cuppens-Boulahia, Nora; Cuppens, Frédéric; García-Alfaro, Joaquín; Toutain, Laurent

doi:10.1007/978-3-642-11747-3_10

Cited by 12 publications

(14 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The specification patterns can be formalized in a first-order, real-time linear temporal logic augmented with epistemic constructs for security-related predicates. Preda et al [53] propose a formal technique that combines the use of access control policies expressed in the Organization-Based Access Control (OrBAC) [54] language together coupled with specifications based on the B-Method [55]. As application, the security requirements are expressed for the IPsec tunnels modeled by a sequence diagram.…”

Section: Specification Of Security Requirementsmentioning

confidence: 99%

Specification, verification, and quantification of security in model-based systems

Ouchani

Debbabi

2015

Computing

View full text Add to dashboard Cite

Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems.

show abstract

Section: Specification Of Security Requirementsmentioning

confidence: 99%

Specification, verification, and quantification of security in model-based systems

Ouchani

Debbabi

2015

Computing

View full text Add to dashboard Cite

show abstract

“…[1] provides a logical framework to encode multiple authorization policies into a proof-carrying authorization formalism. In [17] Method-B is used to formalize the deployment of AC policies on systems composed of several (network) components. Finally, by using model-driven techniques, in [5] the authors formalize the policy continuum model, that represent policies at different inter-related abstraction layers although it does not tackle the problem of inter-related architectural layers.…”

Section: Related Workmentioning

confidence: 99%

Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

Martínez

García-Alfaro²,

Cuppens

et al. 2015

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Abstract. Security is a critical concern for any information system. Security properties such as confidentiality, integrity and availability need to be enforced in order to make systems safe. In complex environments, where information systems are composed of a number of heterogeneous subsystems, each must participate in their achievement. Therefore, security integration mechanisms are needed in order to 1) achieve the global security goal and 2) facilitate the analysis of the security status of the whole system. For the specific case of access-control, access-control policies may be found in several components (databases, networks and applications) all, supposedly, working together in order to meet the high level security property. In this work we propose an integration mechanism for accesscontrol policies to enable the analysis of the system security. We rely on modeldriven technologies and the XACML standard to achieve this goal.

show abstract

“…Section 2.1). The formal frame to design the refinement mechanism of MIRAGE is presented in [18]. The policy deployment algorithms are developed using the B Method [2], a theorem proving method.…”

Section: Top-down Refinement Of Global Policiesmentioning

confidence: 99%

“…Thus, from the early stage of their B development (i.e., abstract B specification), the policy deployment algorithms of MIRAGE target the interesting security properties. Examples of security properties we took into account, and expressed as B invariants, in [18] are:…”

Section: Top-down Refinement Of Global Policiesmentioning

confidence: 99%

“…Developed as a web service, MIRAGE can autonomously be executed under the control of several operators in order to offer the system with the following functions: (1) an intra-component analysis which detects inconsistencies between rules within single security component policies [12,10]; (2) an inter-component analysis of rules to detect inconsistencies between configurations of different devices [15]; (3) an aggregation mechanism to fold all the existing policies into a single, and consistent, global set of rules [14]; and (4) a refinement process to properly deploy the global set of rules over new security components [17,18]. In all four cases, MIRAGE utilizes a description of the topology of the whole security architecture.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MIRAGE: A Management Tool for the Analysis and Deployment of Network Security Policies

García-Alfaro

Cuppens

Cuppens-Boulahia

et al. 2011

Data Privacy Management and Autonomous Spontaneous Security

Self Cite

View full text Add to dashboard Cite

Abstract. We present the core functionality of MIRAGE, a management tool for the analysis and deployment of configuration policies over network security components, such as firewalls, intrusion detection systems, and VPN routers. We review the two main functionalities embedded in our current prototype: (1) a bottom-up analysis of already deployed network security configurations and (2) a top-down refinement of global policies into network security component configurations. In both cases, MIRAGE provides intra-component analysis to detect inconsistencies in single component deployments; and inter-component analysis, to detect multi-component deployments which are not consistent. MIRAGE also manages the description of the security architecture topology, to guarantee the proper execution of all the processes.

show abstract

Model-Driven Security Policy Deployment: Property Oriented Approach

Cited by 12 publications

References 18 publications

Specification, verification, and quantification of security in model-based systems

Specification, verification, and quantification of security in model-based systems

Model-Driven Integration and Analysis of Access-control Policies in Multi-layer Information Systems

MIRAGE: A Management Tool for the Analysis and Deployment of Network Security Policies

Contact Info

Product

Resources

About