An Approach to Security Policy Configuration Using Semantic Threat Graphs

Authors:
Simon N. Foley;William M. Fitzgerald
Affiliations:
Cork Constraint Computation Centre, Computer Science Department, University College Cork, Ireland;Cork Constraint Computation Centre, Computer Science Department, University College Cork, Ireland
Venue:
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Year:
2009

Citing 10
Cited 2

The evolution of Protégé: an environment for knowledge-based systems development

International Journal of Human-Computer Studies
The description logic handbook: theory, implementation, and applications

The description logic handbook: theory, implementation, and applications
Secrets and Lies: Digital Security in a Networked World

Secrets and Lies: Digital Security in a Networked World
Defense trees for economic evaluation of security investments

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Web Semantics Ontology

Web Semantics Ontology
The Use of Attack and Protection Trees to Analyze Security for an Online Banking System

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Semantic Web and firewall alignment

ICDEW '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering Workshop
Supporting rule system interoperability on the semantic web with SWRL

ISWC'05 Proceedings of the 4th international conference on The Semantic Web
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
SP 800-44 Version 2. Guidelines on Securing Public Web Servers

SP 800-44 Version 2. Guidelines on Securing Public Web Servers

Management of heterogeneous security access control configuration using an ontology engineering approach

Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability

Proceedings of the 2012 workshop on New security paradigms

Quantified Score

Hi-index	0.00

Visualization

Abstract

Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs , a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of best-practice countermeasures.