Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy Compliance Checking Slides from the PhD defense of Dr. Vaibhav Gowadia.

Published byHugh Lucas Modified over 9 years ago

Similar presentations

Presentation on theme: "Policy Compliance Checking Slides from the PhD defense of Dr. Vaibhav Gowadia."— Presentation transcript:

1 Policy Compliance Checking Slides from the PhD defense of Dr. Vaibhav Gowadia

2 Research Problems How can we model both high-level and low- level security policies in one framework? How can we determine whether the low-level policy and current system configuration is compliant to the high-level policy?

3 Example High-level policy Alice must provide read access to users in group Gamecocks to access files on server Hercules. Alice must protect the files on Hercules from unauthorized access

4 Example Low-level Policy Give read access on all files hosted on Hercules to users in group Gamecocks Deny access to all other users Add firewall rules to block access from untrusted IP addresses

5 Compliance Checking Framework High-level policy KB – Ontology and Refinement Patterns (Concept-level): 1.Common to all 2.Domain-specific Report Domain-data (Instance): Role-assignment, Organization structure Domain-data (Instance): System configuration, Low-level security policies 1 4 5 6 2 5 Detect Conflicts and Violations Refinement 3

6 State The state of a data system is described by collection of properties of objects in the data system. A state space is a set of states.

7 Action  A Initial State SpaceFinal State Space Action Type, A:  ! 

8 Action Composition Sequence Operator: a 1 ;a 2 And Operator: a 1 ^ a 2 Choice Operator: a 1 _ a 2

9 Composition Types Basic Composition a 1 _ a 2 : Either of them is sufficient otherwise, both a 1 and a 2 must be performed Advanced Composition Obligation to perform one of the subactions is conditional Strict Composition It must be feasible to perform both a 1 and a 2 in the initial state and both must be performed Flexible Composition It is feasible to perform either a 1 and a 2 in the initial state and both must be performed

10 Action Refinement a 1 © a 2 is a refinement of a, i.e., a v a 1 © a 2, 8  2  where a(  ) ! , such that  2  (a 1 © a 2 )(  ) !  ', such that  v  '. ’’  a a 1 © a 2

11 Policy Refinement Derivation via subject-hierarchy Derivation via action refinement

Download ppt "Policy Compliance Checking Slides from the PhD defense of Dr. Vaibhav Gowadia."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Ten –

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Ten –
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
1 Host – Based Intrusion Detection “Working of Tripwire”

1 Host – Based Intrusion Detection “Working of Tripwire”
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
RADIUS Server (Brocade Controller)

RADIUS Server (Brocade Controller)
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.

Similar presentations

Ads by Google