Distributed Security Policy Conformance

Authors

  • Mirko Montanari
  • Ellick Chan
  • Kevin Larson
  • Wucherl Yoo
  • Roy H. Campbell
Abstract

Security policy conformance is a crucial issue in large-scale critical cyber-infrastructure. The complexity of these systems, insider attacks, and the possible speed of an attack on a system necessitate an automated approach to assure a basic level of protection. This paper presents Odessa, a resilient system for monitoring and validating compliance of networked systems to complex policies. To manage the scale of infrastructure systems and to avoid single points of failure or attack, Odessa distributes policy validation across many network nodes. Partial delegation enables the validation of component policies and of liveness at the edge nodes of the network using redundancy to increase security. Redundant distributed servers aggregate data to validate more complex policies. Our practical implementation of Odessa resists Byzantine failure of monitoring using an architecture that significantly increases scalability and attack resistance.

Similar resources

Testing Security Policies for Distributed Systems: Vehicular Networks as a Case Study

Due to the increasing complexity of distributed systems, security testing is becoming increasingly critical in ensuring reliability of such systems in relation to their security requirements. To challenge this issue, we rely in this paper on model based active testing. In this paper we propose a framework to specify security policies and test their implementation. Our framework makes it possi...


Preliminary Proceedings 5th International Workshop on Security Issues in Concurrency (SecCo '07)

We consider the problem of statically verifying the conformance of the code of a system to an explicit authorization policy. In a distributed setting, some part of the system may be compromised, that is, some nodes of the system and their security credentials may be under the control of an attacker. To help predict and bound the impact of such partial compromise, we advocate logic-based policie...


A Formal Equivalence Classes Based Method for Security Policy Conformance Checking

Different security policy models have been developed and published in the past. Proven security policy models, if correctly implemented, guarantee the protection of data objects from unauthorized access or usage or prevent an illegal information flow. To verify that a security policy model has been correctly implemented, it is important to define and execute an exhaustive list of t...


Defining a Security Reference Architecture

This report discusses the definition and modeling of reference architectures that specify the security aspects of distributed systems. NSA’s MISSI (Multilevel Information System Security Initiative) security reference architecture is used as an illustrative example. We show how one would define such a reference architecture, and how one could use such a definition to model as well as check impl...


Conformance Testing of Balana: An Open Source Implementation of the XACML3.0 Standard

As a new generation access control method, Attribute-Based Access Control (ABAC) has gained increasing attention. Currently, Balana is the only open-source implementation of XACML 3.0, which is an OASIS standard for specifying ABAC. Considering that XACML is much more complex than traditional access control models, conformance testing of any XACML implementation is an important problem. Using ...


Journal title:
  • Computers & Security

Volume 33  Issue 

Pages  -

Publication date 2011