Formal security policy implementations in network firewalls

Macfarlane, Richard; Buchanan, William J.; Ekonomou, Elias; Uthmani, Omair; Lü, Fan; Lo, Owen

doi:10.1016/j.cose.2011.10.003

Cited by 10 publications

(3 citation statements)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Once users are authenticated (authentication) it is necessary to ensure these users only have access to information and business processes for which they are authorized (authorization). Traditionally, authorization is established by means of filtering mechanisms [46]. Filtering mechanisms consists of the specification of security policies (such as RBAC policies) that define conditions (rules) under which users can or cannot access the resources (systems or information).…”

Section: Feature Model For Authorizationmentioning

confidence: 99%

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Varela-Vaca¹,

Gasca²

2013

Information and Software Technology

View full text Add to dashboard Cite

Section: Feature Model For Authorizationmentioning

confidence: 99%

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Varela-Vaca¹,

Gasca²

2013

Information and Software Technology

View full text Add to dashboard Cite

“…Firewall provides an effective defense mechanism against network attacks by performing careful gatekeeping over the communication traffic that enter and exit the protected system [14] [15], that is to say, user may deploy security policies by running a gateway-level firewall to prevent hacker attacks from external network. Therefore, a firewall provides a clean interface to control bidirectional access to/from an individual application, an entire device, or a portion of a network [16]. The application of firewall has been used extensively to the conventional Internet, WSNs, and network based embedded systems [15] [19].…”

Section: Introductionmentioning

confidence: 99%

An Immunity-Based IOT Environment Security Situation Awareness Model

Shi¹,

Li²,

Li³

et al. 2017

JCC

View full text Add to dashboard Cite

To effectively perceive network security situation under IOT environment, an Immunity-based IOT Environment Security Situation Awareness (IIESSA) model is proposed. In IIESSA, some formal definitions for self, non-self, antigen and detector are given. According to the relationship between the antibody-concentration of memory detectors and the intensity of network attack activities, the security situation evaluation method under IOT environment based on artificial immune system is presented. And then according to the situation time series obtained by the mentioned evaluation method, the security situation prediction method based on grey prediction theory is presented for forecasting the intensity and security situation of network attack activities that the IOT environment will be suffered in next step. The experimental results show that IIESSA provides a novel and effective model for perceiving security situation of IOT environment.

show abstract

“…In the detection, if the intrusion behavior characteristics match with the known intrusion signature database, the detection is considered to have the intrusion behavior. [5,6] This detection strategy can be targeted to establish a detection system, and has high detection efficiency, but it'll be powerless in the face of unknown intrusion behaviors. Then the anomaly detection strategy is appeared, which is assumed to be different from the normal behavior.…”

Section: Design Of Intrusion Data Classification Algorithmmentioning

confidence: 99%

Research on Algorithm Based on Secure Computer Network Defense

Tian¹

2016

Proceedings of the 2016 3rd International Conference on Materials Engineering, Manufacturing Technology and Control

View full text Add to dashboard Cite

Abstract. In order to solve the problems that the network security defense measures are independent, passive and lagging, and anomaly detection needs an effective training set, a scalable dynamic compound virtual network framework and strategy for active defense is designed and realized in this paper, a classification method based on real network data is also proposed. While PSO-FCM clustering algorithm is used to analyze the data in real network, immune evolutionary algorithm is used to dynamically adjust the number of clusters. Experimental results show that this algorithm has correct cluster and standard of network data, and can extract relatively pure training data from the network data.

show abstract

Formal security policy implementations in network firewalls

Cited by 10 publications

References 56 publications

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

An Immunity-Based IOT Environment Security Situation Awareness Model

Research on Algorithm Based on Secure Computer Network Defense

Contact Info

Product

Resources

About