Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of best-practice countermeasures.