Security policy pre-evaluation towards risk analysis

Han Yi; Yoshiaki Hori; Kouichi Sakurai

doi:10.1109/ISA.2008.114

Security policy pre-evaluation towards risk analysis

Han Yi, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

Original language	English
Title of host publication	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages	415-420
Number of pages	6
DOIs	https://doi.org/10.1109/ISA.2008.114
Publication status	Published - 2008
Event	2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of Duration: Apr 24 2008 → Apr 26 2008

Publication series

Name	Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Other

Other	2nd International Conference on Information Security and Assurance, ISA 2008
Country/Territory	Korea, Republic of
City	Busan
Period	4/24/08 → 4/26/08

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems and Management
Electrical and Electronic Engineering
Communication

Access to Document

10.1109/ISA.2008.114

Cite this

Security policy pre-evaluation towards risk analysis. / Yi, Han; Hori, Yoshiaki; Sakurai, Kouichi.
Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 415-420 4511603 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yi, H, Hori, Y & Sakurai, K 2008, Security policy pre-evaluation towards risk analysis. in Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008., 4511603, Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 415-420, 2nd International Conference on Information Security and Assurance, ISA 2008, Busan, Korea, Republic of, 4/24/08. https://doi.org/10.1109/ISA.2008.114

@inproceedings{4d7aac08cdb6430da3ddfe9a8cf841fc,

title = "Security policy pre-evaluation towards risk analysis",

abstract = "Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.",

author = "Han Yi and Yoshiaki Hori and Kouichi Sakurai",

year = "2008",

doi = "10.1109/ISA.2008.114",

language = "English",

isbn = "9780769531267",

series = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

pages = "415--420",

booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

note = "2nd International Conference on Information Security and Assurance, ISA 2008 ; Conference date: 24-04-2008 Through 26-04-2008",

}

TY - GEN

T1 - Security policy pre-evaluation towards risk analysis

AU - Yi, Han

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2008

Y1 - 2008

N2 - Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

AB - Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

UR - http://www.scopus.com/inward/record.url?scp=51349136634&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51349136634&partnerID=8YFLogxK

U2 - 10.1109/ISA.2008.114

DO - 10.1109/ISA.2008.114

M3 - Conference contribution

AN - SCOPUS:51349136634

SN - 9780769531267

T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

SP - 415

EP - 420

BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

T2 - 2nd International Conference on Information Security and Assurance, ISA 2008

Y2 - 24 April 2008 through 26 April 2008

ER -

Security policy pre-evaluation towards risk analysis

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this