Multilevel Security and Quality of Protection

Foley, Simon N.; Bistarelli, Stefano; O’Sullivan, Barry; Herbert, John J.; Swart, Garret

doi:10.1007/978-0-387-36584-8_8

Cited by 18 publications

(14 citation statements)

References 36 publications

(83 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The model presented in this paper has a close relationship with the multilevel security model described in [19], whereby the lattice of multilevel security levels correspond to the lattice of attributes, the assurance levels correspond to the Quality c-semiring. Therefore, results on the multilevel cascade problem can be applied to our model.…”

Section: Examplementioning

confidence: 97%

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Foley

Fitzgerald

Bistarelli

et al. 2006

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The challenge for autonomic network management is the provision of future network management systems that have the characteristics of self-management, self-configuration, self-protection and selfhealing, in accordance with the high level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand fundamental underlying issues in self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are securely configured are connected together (in an apparently secure manner), a configuration cascade can occur resulting in a mis-configured network. This has implications for the design of self-configuring systems and we discuss how a soft constraint-based framework can provide a solution.

show abstract

Section: Examplementioning

confidence: 97%

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Foley

Fitzgerald

Bistarelli

et al. 2006

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The key classification ordering defines the flow constraints between keys, for example, long term key Ka information should not be permitted to flow to session key Kab information. Rather than relying on a binary interpretation of how key related information may/may not flow, we take a qualitative-based approach that is similar to the notion of assurance in [9,7]. Define…”

Section: Protocol Deployment Riskmentioning

confidence: 99%

Security Protocol Deployment Risk

Foley

Bella

Bistarelli

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Security protocol participants are software and/or hardware agents that are-as with any system-potentially vulnerable to failure. Protocol analysis should extend not just to an analysis of the protocol specification, but also to its implementation and configuration in its target environment. However, an in-depth formal analysis that considers the behavior and interaction of all components in their environment is not feasible in practice.This paper considers the analysis of protocol deployment rather than implementation. Instead of concentrating on detailed semantics and formal verification of the protocol and implementation, we are concerned more with with the ability to trace, at a practical level of abstraction, how the protocol deployment, that is, the configuration of the protocol components, relate to each other and the overall protocol goals. We believe that a complete security verification of a system is not currently achievable in practice and seek some degree of useful feedback from an analysis that a particular protocol deployment is reasonable.

show abstract

“…Thus, different customers at data centers will have different perceptions of the best trade-off solution between a high level of security and the related costs. Some research has been done in the area of multilevel security, see for example Foley et al [5] or in the area of IT business outsourcing, e.g. Karabulut [14].…”

Section: Introductionmentioning

confidence: 99%

Autonomic Provisioning of Hosted Applications with Level of Isolation Terms

Franke

Robinson

2008

Fifth IEEE Workshop on Engineering of Autonomic and Autonomous Systems (Ease 2008)

View full text Add to dashboard Cite

Autonomic provisioning of hosted applications in Enterprise Data Centers must be investigated as more and more business applications are executed in such an environment. In this scenario, the multiplicity and variability of software components and data to be dynamically deployed, interconnected and adjusted leads to more complex system management. In parallel, all customer requirements and constraints must be fulfilled. These requirements and constraints are specified in corresponding Service Level Agreements (SLA). Protection aspects are one important part of such agreements, as in a shared, open infrastructure, perceived risks with respect to loss of information confidentiality, integrity and availability increase. Legislation and compensation mechanisms make it imperative for the Data Center to acknowledge these perceived risks. Therefore, robust application isolation mechanisms must be considered. However, potential drawbacks due to the used protection mechanisms that might influence the overall system performance must be considered. In order to initialize an autonomic provisioning process, a concept for configuring the Data Center based on different Levels of Isolation is presented. Customers and Data Center providers can agree on the isolation guarantees they expect given their individual preferences specification between the perceived risks and the resulting costs associated with the chosen Level of Isolation.

show abstract

Multilevel Security and Quality of Protection

Cited by 18 publications

References 36 publications

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Security Protocol Deployment Risk

Autonomic Provisioning of Hosted Applications with Level of Isolation Terms

Contact Info

Product

Resources

About