Service dependencies in information systems security

Hervé Debar; Nizar Kheir; Nora Cuppens-Boulahia; Frédéric Cuppens

doi:10.1007/978-3-642-14706-7_1

Service dependencies in information systems security

Hervé Debar
, Nizar Kheir
, Nora Cuppens-Boulahia
, Frédéric Cuppens

ENST Bretagne

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In the complex world of information services, we are realizing that system dependencies upon one another have not only operational implications but also security implications. These security implications are multifold. Beyond allowing an attacker to propagate over an information system by leveraging stepping stones vulnerabilities, it also allows a defender to select the most interesting enforcement points for its policies, overall reducing the cost of managing the security of these complex systems. In this paper, we present a dependency model that has been designed for the purpose of providing security operators with a quantitative decision support system for deploying and managing security policies.

Original language	English
Title of host publication	Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings
Publisher	Springer Verlag
Pages	1-20
Number of pages	20
ISBN (Print)	3642147054, 9783642147050
DOIs	https://doi.org/10.1007/978-3-642-14706-7_1
Publication status	Published - 1 Jan 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6258 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Access to Document

10.1007/978-3-642-14706-7_1

Cite this

Debar, H., Kheir, N., Cuppens-Boulahia, N., & Cuppens, F. (2010). Service dependencies in information systems security. In Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings (pp. 1-20). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6258 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-14706-7_1

Debar, Hervé ; Kheir, Nizar ; Cuppens-Boulahia, Nora et al. / Service dependencies in information systems security. Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings. Springer Verlag, 2010. pp. 1-20 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5578ea8dba984a5da64007b295f60235,

title = "Service dependencies in information systems security",

abstract = "In the complex world of information services, we are realizing that system dependencies upon one another have not only operational implications but also security implications. These security implications are multifold. Beyond allowing an attacker to propagate over an information system by leveraging stepping stones vulnerabilities, it also allows a defender to select the most interesting enforcement points for its policies, overall reducing the cost of managing the security of these complex systems. In this paper, we present a dependency model that has been designed for the purpose of providing security operators with a quantitative decision support system for deploying and managing security policies.",

author = "Herv{\'e} Debar and Nizar Kheir and Nora Cuppens-Boulahia and Fr{\'e}d{\'e}ric Cuppens",

year = "2010",

month = jan,

day = "1",

doi = "10.1007/978-3-642-14706-7\_1",

language = "English",

isbn = "3642147054",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "1--20",

booktitle = "Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings",

}

Debar, H, Kheir, N, Cuppens-Boulahia, N & Cuppens, F 2010, Service dependencies in information systems security. in Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6258 LNCS, Springer Verlag, pp. 1-20. https://doi.org/10.1007/978-3-642-14706-7_1

Service dependencies in information systems security. / Debar, Hervé; Kheir, Nizar; Cuppens-Boulahia, Nora et al.
Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings. Springer Verlag, 2010. p. 1-20 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6258 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Service dependencies in information systems security

AU - Debar, Hervé

AU - Kheir, Nizar

AU - Cuppens-Boulahia, Nora

AU - Cuppens, Frédéric

PY - 2010/1/1

Y1 - 2010/1/1

N2 - In the complex world of information services, we are realizing that system dependencies upon one another have not only operational implications but also security implications. These security implications are multifold. Beyond allowing an attacker to propagate over an information system by leveraging stepping stones vulnerabilities, it also allows a defender to select the most interesting enforcement points for its policies, overall reducing the cost of managing the security of these complex systems. In this paper, we present a dependency model that has been designed for the purpose of providing security operators with a quantitative decision support system for deploying and managing security policies.

AB - In the complex world of information services, we are realizing that system dependencies upon one another have not only operational implications but also security implications. These security implications are multifold. Beyond allowing an attacker to propagate over an information system by leveraging stepping stones vulnerabilities, it also allows a defender to select the most interesting enforcement points for its policies, overall reducing the cost of managing the security of these complex systems. In this paper, we present a dependency model that has been designed for the purpose of providing security operators with a quantitative decision support system for deploying and managing security policies.

UR - https://www.scopus.com/pages/publications/78649301406

U2 - 10.1007/978-3-642-14706-7_1

DO - 10.1007/978-3-642-14706-7_1

M3 - Conference contribution

AN - SCOPUS:78649301406

SN - 3642147054

SN - 9783642147050

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 20

BT - Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings

PB - Springer Verlag

ER -

Debar H, Kheir N, Cuppens-Boulahia N, Cuppens F. Service dependencies in information systems security. In Computer Network Security - 5th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2010, Proceedings. Springer Verlag. 2010. p. 1-20. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-14706-7_1

Service dependencies in information systems security

Abstract

Publication series

Access to Document

Other files and links

Fingerprint

Cite this