Skip to main content

Research Repository

Advanced Search

Novel Framework for Automated Security Abstraction, Modelling, Implementation and Verification

Saliou, Lionel; Buchanan, William J; Graves, Jamie; Munoz, Jose

Authors

Lionel Saliou

Jamie Graves

Jose Munoz



Contributors

William Hutchinson
Editor

Abstract

This paper presents a novel framework for network security, and provides a complete solution to integrated security policies, which meets the objectives of an organisation, and also an automated verification process. The framework uses a security compiler, which converts high-level abstract definitions of the objectives of an organisation, and its security requirements. The output of this is then converted into an XML abstraction of security requirements, which can then be modelled, and converted into an implementable form, such as using firewall and IDS rules. Once it has been implemented, network agents are then used to generate and gather data allowing the security policy to be verified against the requirements.

The main areas of the framework are:

• Formal definition and abstraction. This involves the application of formal abstract security languages, such as an ontology mark-up language, and the novel implementation of integrated social rules, along with some form of definition of the aims and objectives of the organisation.
• Implementation. This involves converting the abstraction of the security policy into code and configurations, which can be implemented in the network devices, such as in the implementation of firewall and IDS rules, along with rules for data gathering agents. The paper shows practical implementations of these.
• Test and verification. This involves using data gathering and test generation agents to test and verify that the security system meets its initial objectives. This is obviously a key element in the system, as it provides automated feedback, and refinement.

The paper also provides novel results, which show how network agents can detect threats, and how the network can reconfigure itself, and limit its damage. It also shows typical delays for well-known worm threats and concludes with a novel method of detection and proposes methods on how the network could automate its configuration to overcome typical network threats, such as worms and viruses.

Citation

Saliou, L., Buchanan, W. J., Graves, J., & Munoz, J. (2005). Novel Framework for Automated Security Abstraction, Modelling, Implementation and Verification. In W. Hutchinson (Ed.),

Conference Name 4th European Conference on Information Warfare and Security
Start Date Jul 11, 2005
End Date Jul 12, 2005
Publication Date Jul 11, 2005
Deposit Date May 20, 2009
Publicly Available Date May 20, 2009
Peer Reviewed Peer Reviewed
Pages 303-311
Keywords Network agents; Security abstraction; Formal definition; Reconfiguration; Automated verification;
Public URL http://researchrepository.napier.ac.uk/id/eprint/2600
Contract Date May 20, 2009

Files









You might also like



Downloadable Citations