Extensible policy framework for heterogeneous network environments

Authors:
Lawrence Teo;Gail-Joon Ahn
Affiliations:
UNC Charlotte, 9201 University City Blvd., Charlotte, NC 28223, USA;Lab. of Security Engineering for Future Computing SEFCOM, Arizona State University, 699 South Mill Ave., Tempe, AZ 85281, USA
Venue:
International Journal of Information and Computer Security
Year:
2013

Citing 18
Cited 0

A unified framework for enforcing multiple access control policies

SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
On the increasing importance of constraints

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Modular authorization

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
A logical framework for reasoning about access control models

ACM Transactions on Information and System Security (TISSEC)
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Dynamic and risk-aware network access management

Proceedings of the eighth ACM symposium on Access control models and technologies
A Privacy Policy Model for Enterprises

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Policy management using access control spaces

ACM Transactions on Information and System Security (TISSEC)
Protection in flexible operating system architectures

ACM SIGOPS Operating Systems Review
Defeating Internet Attacks Using Risk Awareness and Active Honeypots

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Resolving constraint conflicts

Proceedings of the ninth ACM symposium on Access control models and technologies
Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems (TOCS)
Scaling Network Services Using Programmable Network Devices

Computer
Supporting access control policies across multiple operating systems

Proceedings of the 43rd annual Southeast regional conference - Volume 2
Alpaca: extensible authorization for distributed services

Proceedings of the 14th ACM conference on Computer and communications security
Multi-access Management in Heterogeneous Networks

Wireless Personal Communications: An International Journal
A system for visual role-based policy modelling

Journal of Visual Languages and Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security policy management is critical to meet organisational needs and reduce potential risks because almost every organisation depends on computer networks and the internet for their daily operations. It is therefore important to specify and enforce security policies effectively. However, as organisations grow, so do their networks - this increases the difficulty of deploying a security policy, especially across heterogeneous systems. In this paper, we introduce a policy framework called Chameleos-x which is designed to enforce security policies consistently across security-aware systems with network services - primarily operating systems, firewalls, and intrusion detection systems. Throughout this paper, we focus on the design and architecture of Chameleos-x and demonstrate how our policy framework helps organisations implement security policies in changing, diversity-rich environments. We also describe our ongoing work in the experimentation of Chameleos-x, where we have obtained promising results.