Specification and Enforcement of Dynamic Authorization Policies Oriented by Situations

Kabbani, Bashar; Laborde, Romain; Barrère, François; Benzekri, Abdelmalek

doi:10.1109/ntms.2014.6814050

Cited by 12 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We developed a situation-awareness approach [12,13,14] to deal with such complex security management issues. In this section, we specify this use case scenario as a security situationbased model.…”

Section: Expressing Situations Using Complex Eventsmentioning

confidence: 99%

Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations

Benzekri

Laborde

Oglaza

et al. 2019

2019 3rd Cyber Security in Networking Conference (CSNet)

Self Cite

View full text Add to dashboard Cite

Situation awareness consists of "the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future". Being aware of the security situation is then mandatory to launch proper security reactions in response to cybersecurity attacks. Security Incident and Event Management solutions are deployed within Security Operation Centers. Some vendors propose machine learning based approaches to detect intrusions by analysing networks behaviours. But cyberattacks like Wannacry and NotPetya, which shut down hundreds of thousands of computers, demonstrated that networks monitoring and surveillance solutions remain insufficient. Detecting these complex attacks (a.k.a. Advanced Persistent Threats) requires security administrators to retain a large number of logs just in case problems are detected and involve the investigation of past security events. This approach generates massive data that have to be analysed at the right time in order to detect any accidental or caused incident. In the same time, security administrators are not yet seasoned to such a task and lack the desired skills in data science. As a consequence, a large amount of data is available and still remains unexplored which leaves number of indicators of compromise under the radar. Building on the concept of situation awareness, we developed a situation-driven framework, called dynSMAUG, for dynamic security management. This approach simplifies the security management of dynamic systems and allows the specification of security policies at a high-level of abstraction (close to security requirements). This invited paper aims at exposing real security situations elicitation, coming from networks security experts, and showing the results of exploratory analysis techniques using complex event processing techniques to identify and extract security situations from a large volume of logs. The results contributed to the extension of the dynSMAUG solution.

show abstract

Section: Expressing Situations Using Complex Eventsmentioning

confidence: 99%

Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations

Benzekri

Laborde

Oglaza

et al. 2019

2019 3rd Cyber Security in Networking Conference (CSNet)

Self Cite

View full text Add to dashboard Cite

show abstract

“…To translate this statement in EPL, we specify event startFar in two steps (Figure 8). First, we compute two complex events: i ) MayBeFarEvent meaning either the smartphone (lines 4-5) or the computer (lines 6-7) of the same owner (line 11) moves to another room (line 12) while the current situation is close (lines [13][14][15][16][17], and ii ) MayBeCloseEvent when the smartphone (lines [22][23] or the computer (lines 24-25) moves to a room such that both devices are then in the same room (line 30) and while the current situation is far (lines 31-35). These complex events will be re-injected within the CEP system to compute the beginning of situation far by when an event MayBeFarEvent has been triggered…”

Section: Dynamic Security Based On Indoor Locationmentioning

confidence: 99%

“…However, their approach focuses mainly on the purpose of access only. Finally, we presented a preliminary work in [23] that advocates the necessity of a situation manager and we implemented the Break-the-Glass mechanism [24]. However, our work was limited to the outsourcing deployment mode only.…”

Section: Related Workmentioning

confidence: 99%

A situation-driven framework for dynamic security management

et al. 2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…Dynamic Rule Evaluation. Few researchers have started looking at dynamic policy rule evaluation as opposed to static policies [8], [18]. Among the relatively few researchers who took dynamicity of a context to a higher level by considering dynamicity of a rule is Pallapa et al [30].…”

Section: Related Workmentioning

confidence: 99%

XACML Policy Evaluation with Dynamic Context Handling

Ammar

Malik

Bertino

et al. 2015

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

Some fairly recent research has focused on providing XACML-based solutions for dynamic privacy policy management. In this regard, a number of works have provided enhancements to the performance of XACML Policy Enforcement Point (PEP) component, but very few have focused on enhancing the accuracy of that component. This paper improves the accuracy of an XACML PEP by filling some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide an XACML-based implementation of a dynamic privacy policy management framework and an evaluation of the applicability of our system in comparison to some of the existing approaches.

show abstract

Specification and Enforcement of Dynamic Authorization Policies Oriented by Situations

Cited by 12 publications

References 9 publications

Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations

Dynamic security management driven by situations: An exploratory analysis of logs for the identification of security situations

A situation-driven framework for dynamic security management

XACML Policy Evaluation with Dynamic Context Handling

Contact Info

Product

Resources

About