scholarly journals A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

2010 ◽  
Vol 61 (1) ◽  
pp. 20-28 ◽  
Author(s):  
Ahmed Hassan ◽  
Waleed Bahgat
Keyword(s):  
Network Security ◽  
Access Control ◽  
Security Policy ◽  
Security Policies ◽  
Second Phase ◽  
Security Model ◽  
Intermediate Model ◽  
Low Level ◽  
Proposed Model ◽  
High Level

A Framework for Translating a High Level Security Policy into Low Level Security MechanismsSecurity policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

Dynamic FCFS ACM Model for Risk Assessment on Real Time Unix File System

2015 ◽  
pp. 551-571
Author(s):  
Prashant Kumar Patra ◽  
Padma Lochan Pradhan
Keyword(s):  
Risk Assessment ◽  
Access Control ◽  
Security Policy ◽  
Security Requirements ◽  
Management Policy ◽  
Security Model ◽  
Distributed Environment ◽  
Web Portal ◽  
Proposed Model ◽  
The Right

The access control is a mechanism that a system grants, revoke the right to access the object. The subject and object can able to integrate, synchronize, communicate and optimize through read, write and execute over a UFS. The access control mechanism is the process of mediating each and every request to system resources, application and data maintained by a operating system and determining whether the request should be approve, created, granted or denied as per top management policy. The AC mechanism, management and decision is enforced by implementing regulations established by a security policy. The management has to investigate the basic concepts behind access control design and enforcement, point out different security requirements that may need to be taken into consideration. The authors have to formulate and implement several ACM on normalizing and optimizing them step by step, that have been highlighted in proposed model for development and production purpose. This research paper contributes to the development of an optimization model that aims and objective to determine the optimal cost, time and maximize the quality of services to be invested into security model and mechanisms deciding on the measure components of UFS. This model has to apply to ACM utilities over a Web portal server on object oriented and distributed environment. This ACM will be resolve the uncertainty, un-order, un formal and unset up (U^4) problems of web portal on right time and right place of any where & any time in around the globe. It will be more measurable and accountable for performance, fault tolerance, throughput, bench marking and risk assessment on any application.

Dynamic FCFS ACM Model for Risk Assessment on Real Time Unix File System

2013 ◽  
Vol 5 (4) ◽  
pp. 41-62
Author(s):  
Prashant Kumar Patra ◽  
Padma Lochan Pradhan
Keyword(s):  
Risk Assessment ◽  
Access Control ◽  
Security Policy ◽  
Security Requirements ◽  
Management Policy ◽  
Security Model ◽  
Distributed Environment ◽  
Web Portal ◽  
Proposed Model ◽  
The Right

The access control is a mechanism that a system grants, revoke the right to access the object. The subject and object can able to integrate, synchronize, communicate and optimize through read, write and execute over a UFS. The access control mechanism is the process of mediating each and every request to system resources, application and data maintained by a operating system and determining whether the request should be approve, created, granted or denied as per top management policy. The AC mechanism, management and decision is enforced by implementing regulations established by a security policy. The management has to investigate the basic concepts behind access control design and enforcement, point out different security requirements that may need to be taken into consideration. The authors have to formulate and implement several ACM on normalizing and optimizing them step by step, that have been highlighted in proposed model for development and production purpose. This research paper contributes to the development of an optimization model that aims and objective to determine the optimal cost, time and maximize the quality of services to be invested into security model and mechanisms deciding on the measure components of UFS. This model has to apply to ACM utilities over a Web portal server on object oriented and distributed environment. This ACM will be resolve the uncertainty, un-order, un formal and unset up (U^4) problems of web portal on right time and right place of any where & any time in around the globe. It will be more measurable and accountable for performance, fault tolerance, throughput, bench marking and risk assessment on any application.

XACML-Based Fine-Grained Security Policy for Distributed System

2011 ◽  
Vol 225-226 ◽  
pp. 848-851
Author(s):  
Ai Juan Zhang ◽  
Jing Xiang Gao ◽  
Cheng Ji
Keyword(s):  
Access Control ◽  
Software Development ◽  
Security Policy ◽  
Control Policy ◽  
Distributed Applications ◽  
Security Policies ◽  
Security Model ◽  
Access Control Policy ◽  
Fine Grained ◽  
Security Modeling

Distributed applications often require integrating security policies of collaborating parties. The integration must be able to support complex authorization specifications and the fine-grained resources access requirements that the various parties may have. But now security modeling is not considered as a vital part in software development. In this paper, it is proposed to integrate the design of access control policy into software development. In this paper, UML is used to model access control policy, and then a framework is designed to generate the security model result expressed in XACML and to verify the policy correct and complete.

Improved Access Control Mechanisms Using Action Weighted Grid Authorization Graph for Faster Decision Making

2021 ◽  
Vol 15 (1) ◽  
pp. 99-116
Author(s):  
Sarra Namane ◽  
Nassira Ghoualmi ◽  
Mustafa Kaiiali
Keyword(s):  
Decision Making ◽  
Access Control ◽  
Security Policy ◽  
Security Policies ◽  
Control Mechanisms ◽  
Secure Access ◽  
Proposed Model ◽  
Security Rule ◽  
Grid Resources ◽  
The Way

Access control mechanisms are the way to guarantee secure access to grid resources. Recent research works were focused on how to improve the representation of the resources' security policies for faster decisions making. PCM, HCM, GAG, and WGAG are all different ways to represent these security policies. This paper presents an enhancement to WGAG, the action-weighted grid authorization graph (Action-WGAG). A security policy-parser (SP-Parser) has been developed to implement the Action-WGAG. The evaluation results of the proposed model showed that it assures a smaller number of security rule checking in some cases and a reduction of the answer time to an access control request.

Security Policy Specification

2012 ◽  
pp. 66-93 ◽  
Author(s):  
Jorge Bernal Bernabé ◽  
Juan M. Marín Pérez ◽  
Jose M. Alcaraz Calero ◽  
Jesús D. Jiménez Re ◽  
Félix J.G. Clemente ◽  
...  
Keyword(s):  
Information Systems ◽  
Security Policy ◽  
Information Model ◽  
Security Policies ◽  
Low Level ◽  
Policy Based Management ◽  
Common Information Model ◽  
Refinement Process ◽  
Policy Refinement ◽  
High Level

Policy-based management of information systems enables the specification of high-level policies which need to be refined into lower level configurations suitable to be directly applied to services and final devices in order to achieve the high-level behavior previous specified. This chapter presents a proposal for describing high-level security policies and for carrying out the policy refinement process for which low level policies and configurations are achieved. Firstly, an analysis of different research works related to the specification of security policy is provided. Then, a detailed description of the information model used for describing the information systems and the policies is described. After that, the language designed for specifying high level security policies is explained as well as the low level language based on the Common Information Model. Finally, some aspect about the policy refinement process done in the policy-based system in order to achieve low-level policies from the high-level security policies is outlined together with a description of the tools which can assist in the definition of the security policies and in the process refinement process.

Security Policies and Risk Analysis

2008 ◽  
pp. 137-160
Author(s):  
Joseph Kizza ◽  
Florence Migga Kizza
Keyword(s):  
Network Security ◽  
Risk Analysis ◽  
Best Practices ◽  
Security Policy ◽  
Security Policies ◽  
Communication Infrastructure ◽  
Security Personnel ◽  
Good Policy

In the last chapter, we discussed the basics of network security. Among the issues that we briefly touched on are the techniques and best practices that are currently being used by many security personnel in a variety of networks that make up the communication infrastructure. In this chapter, we are going to start with what is considered to be the most basic of all security techniques—security.policy. We will discuss several issues about security policy, like what constitutes a good policy and how to formulate, develop, write implement, and maintain a security policy.

scholarly journals InteractionNN: A Neural Network for Learning Hidden Features in Sparse Prediction

2019 ◽  
Author(s):  
Xiaowang Zhang ◽  
Qiang Gao ◽  
Zhiyong Feng
Keyword(s):  
Neural Network ◽  
Nonlinear Interaction ◽  
Feature Interaction ◽  
Feed Forward Neural Network ◽  
Low Level ◽  
Feature Interactions ◽  
Proposed Model ◽  
Benchmark Datasets ◽  
High Level ◽  
Dense Features

In this paper, we present a neural network (InteractionNN) for sparse predictive analysis where hidden features of sparse data can be learned by multilevel feature interaction. To characterize multilevel interaction of features, InteractionNN consists of three modules, namely, nonlinear interaction pooling, layer-lossing, and embedding. Nonlinear interaction pooling (NI pooling) is a hierarchical structure and, by shortcut connection, constructs low-level feature interactions from basic dense features to elementary features. Layer-lossing is a feed-forward neural network where high-level feature interactions can be learned from low-level feature interactions via correlation of all layers with target. Moreover, embedding is to extract basic dense features from sparse features of data which can help in reducing our proposed model computational complex. Finally, our experiment evaluates on the two benchmark datasets and the experimental results show that InteractionNN performs better than most of state-of-the-art models in sparse regression.

scholarly journals XACML Implementation Based on Graph Databases

10.29007/rf56 ◽  
2019 ◽  
Author(s):  
Ying Jin ◽  
Krishna Kaja
Keyword(s):  
Access Control ◽  
Security Policy ◽  
Markup Language ◽  
Graph Database ◽  
Graph Databases ◽  
Query Result ◽  
Policy Specification ◽  
Conflict Resolution Strategies ◽  
Control Decision ◽  
High Level

Extensible Access Control Markup Language (XACML) is an OASIS standard for security policy specification. It consists of a policy language to define security authorizations and an access control decision language for requests and responses. The high-level policy specification is independent of underlying implementation. Different from existing approaches, this research uses a graph database for XACML implementation. Once a policy is specified, it will be parsed and the parsing results will be processed by eliminating duplicates and resolving conflicts. The final results are saved as graphs in the persistent storage. When a XACML request is submitted, the request is processed as a query to the graph database. Based on this query result, a XACML response will be produced to permit or deny the user’s request. This paper describes the architecture, implementation details, and conflict resolution strategies of our system to implement XACML.

scholarly journals A Novel Hadoop Security Model for Addressing Malicious Collusive Workers

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Amr M. Sauber ◽  
Ahmed Awad ◽  
Amr F. Shawish ◽  
Passent M. El-Kafrawy
Keyword(s):  
Security Model ◽  
Cloud Environment ◽  
Master Node ◽  
Computing Model ◽  
System A ◽  
Proposed Model ◽  
Data Production ◽  
Hadoop Cluster ◽  
High Level ◽  
Novel Model

With the daily increase of data production and collection, Hadoop is a platform for processing big data on a distributed system. A master node globally manages running jobs, whereas worker nodes process partitions of the data locally. Hadoop uses MapReduce as an effective computing model. However, Hadoop experiences a high level of security vulnerability over hybrid and public clouds. Specially, several workers can fake results without actually processing their portions of the data. Several redundancy-based approaches have been proposed to counteract this risk. A replication mechanism is used to duplicate all or some of the tasks over multiple workers (nodes). A drawback of such approaches is that they generate a high overhead over the cluster. Additionally, malicious workers can behave well for a long period of time and attack later. This paper presents a novel model to enhance the security of the cloud environment against untrusted workers. A new component called malicious workers’ trap (MWT) is developed to run on the master node to detect malicious (noncollusive and collusive) workers as they convert and attack the system. An implementation to test the proposed model and to analyze the performance of the system shows that the proposed model can accurately detect malicious workers with minor processing overhead compared to vanilla MapReduce and Verifiable MapReduce (V-MR) model [1]. In addition, MWT maintains a balance between the security and usability of the Hadoop cluster.

Sign in / Sign up

Export Citation Format

Share Document