The use of dynamic access control policies for threat response adapts local response decisions to high-level system constraints. However, security policies are often carefully tightened at system design time, and the large number of service dependencies in a system architecture makes their dynamic adaptation difficult. The enforcement of a single response rule requires performing multiple configuration changes on multiple services. This paper formally describes a Service Dependency Framework (SDF) in order to assist the response process in selecting the policy enforcement points (PEPs) capable of applying a dynamic response rule. It automatically derives elementary access rules from the generic access control, either allowed or denied by the dynamic response policy, so they can be locally managed by local PEPs. SDF introduces a requires/provides model of service dependencies. It models the service architecture in a modular way, and thus provides both extensibility and reusability of model components. SDF is defined using the Architecture Analysis and Design Language, which provides formal concepts for modeling system architectures. This paper presents a systematic treatment of the dependency model which aims to apply policy rules while minimizing configuration changes and reducing resource consumption.