TY - GEN
T1 - Service Dependencies-Aware Policy Enforcement Framework Based on Hierarchical Colored Petri Net
AU - Ben Mustapha, Yosra
AU - Debar, Hervé
PY - 2013/1/1
Y1 - 2013/1/1
N2 - As computer and network security threats become more sophisticated and the number of service dependencies is increasing, optimal response decision is becoming a challenging task for security administrators. They should deploy and implement proper network security policy enforcement mechanisms in order to apply the appropriate countermeasures and defense strategy. In this paper, we propose a novel modeling framework which considers the service dependencies while identifying and selecting the appropriate Policy Enforcement Points during an intrusion response process. First, we present the security implications of the service dependencies that have been developed in the literature. Second, we give an overview of Colored Petri Nets (CPN) and Hierarchical CPN (HCPN) and its application on network security. Third, we specify our Service Dependencies-aware Policy Enforcement Framework which is based on the application of HCPN. Finally and to illustrate the advantage of our approach, we present a webmail application use case with the integration of different Policy Enforcement Points.
AB - As computer and network security threats become more sophisticated and the number of service dependencies is increasing, optimal response decision is becoming a challenging task for security administrators. They should deploy and implement proper network security policy enforcement mechanisms in order to apply the appropriate countermeasures and defense strategy. In this paper, we propose a novel modeling framework which considers the service dependencies while identifying and selecting the appropriate Policy Enforcement Points during an intrusion response process. First, we present the security implications of the service dependencies that have been developed in the literature. Second, we give an overview of Colored Petri Nets (CPN) and Hierarchical CPN (HCPN) and its application on network security. Third, we specify our Service Dependencies-aware Policy Enforcement Framework which is based on the application of HCPN. Finally and to illustrate the advantage of our approach, we present a webmail application use case with the integration of different Policy Enforcement Points.
UR - https://www.scopus.com/pages/publications/84904701330
U2 - 10.1007/978-3-642-40576-1_31
DO - 10.1007/978-3-642-40576-1_31
M3 - Conference contribution
AN - SCOPUS:84904701330
SN - 9783642405754
T3 - Communications in Computer and Information Science
SP - 313
EP - 321
BT - Security in Computing and Communications - International Symposium, SSCC 2013, Proceedings
PB - Springer Verlag
T2 - International Symposium on Security in Computing and Communications, SSCC 2013
Y2 - 22 August 2013 through 24 August 2013
ER -