Browse > Article
http://dx.doi.org/10.3745/KIPSTC.2002.9C.6.823

A Study on Generalization of Security Policies for Enterprise Security Management System  

Choi, Hyun-H. (성균관대학교 대학원 전기전자 및 컴퓨터공학과)
Chung, Tai-M. (성균관대학교 정보통신공학부)
Publication Information
The KIPS Transactions:PartC / v.9C, no.6, 2002 , pp. 823-830 More about this Journal
Abstract
Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we propose the model of generalized security policies. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. In the generalization process of security policies. we first diagnose the security status of monitored networks by analyzing security goals, requirements, and security-related information that security agents collect. Next, we decide the security mechanisms and objects for security policies, and then evaluate the properness of them on the basis of security goals, requirements and a policy list. With the generalization process, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.
Keywords
security policy; policy management; enterprise security management;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 L.Lewis, 'Implementing policy in enterprise networks,' IEEE Communications Magazine, Vol.34, Iss.1, pp.50-55, Jan., 1996   DOI   ScienceOn
2 D. Schnackengerg, H. Holliday, et al, 'Cooperative Intrusion Traceback and Response Architecture (CITRA),' DARPA Information Survivability Conference & Exposition II, 2001 DISCEX'01, Proceedings, Vol.1, pp.56-68, Jan., 2001   DOI
3 R. Barruffi, M. Milano, et al, 'Planning for security management,' IEEE Intelligent Systems [see also IEEE Expert], Vol.16, Iss.1, pp.74-80, Feb., 2001   DOI
4 J. Zao, L. Sanchez, et al, 'Domain based Internet security policy management,' DARPA Information Survivability Conference and Exposition, 2000. DOSCEX'00, Proceedings, Vol.1, pp.41-53, Jan., 1999   DOI
5 G. Patz, M. Condell, et al, 'Multidimensional security policy management for dynamic coalitions,' DARPA Information Survivability Conference & Exposition II, 2001, DISCEX'01. Proceedings, Vol.2, pp.41-54, Feb., 2001   DOI
6 Check Point Software Technology, Inc., Open Plaform for Security (OPSEC) Technical Note, 2000
7 Check Point Software Technology, Inc., Check Point VPN-1/Firewall-1 OPSEC API Specification, Version 4.1, Nov., 1999
8 Network Associates, Inc., Automating Security managenment white Reducing Total Cost of Ownership, 1999
9 D. S. Kim, T. M. Chung, 'Implementation of Integrated Firewall Management System by Central Policy Management,' KNOM 2000, pp.169-176, May, 2000
10 Check Point Software Technology, Inc., Secure Virtual Network Architecture, A Customer-focused White Paper, Nov., 2000
11 Network Associates, Inc., Active Security Getting Started Guide Version 5.0, 1999
12 Communications Security Establishment(CSE), Threat and Risk Assessment Working Guide, ITSG-04, Canada, Oct. 1999