Ontology-based Policy Anomaly Management for Autonomic Computing

Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan

doi:10.4108/icst.collaboratecom.2011.247119

Cited by 13 publications

(5 citation statements)

References 15 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Hu [43] proposed to divide the five-tuple decision spaces into disjoint hyper-rectangles where conflicts are resolved using a combination of automatic strategies and manual administrator effort driven by risk analysis considerations. A completely different approach is presented by Bandara, that uses argumentation logic and achieves excellent performance [44], and Hu that introduced an ontology-based anomaly management framework that delegates set operation to BDDs [45].…”

Section: Related Workmentioning

confidence: 99%

Analysis of Application-Layer Filtering Policies With Application to HTTP

Basile

Lioy

2015

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

Application firewalls are increasingly used to inspect upper layer protocols (as HTTP) that are target or vehicle of several attacks and are not properly addressed by network firewalls. Like other security controls, application firewalls need to be carefully configured, as errors have a significant impact on service security and availability. However, currently no technique is available to analyse their configuration for correctness and consistency. This paper extends a previous model for analysis of packet filters to the policy anomaly analysis in application firewalls. Both rule pair and multi-rule anomalies are detected, hence reducing the likelihood of conflicting and suboptimal configurations. The expressiveness of this model has been successfully tested against the features of Squid, a popular web caching proxy offering various access control capabilities. The tool implementing this model has been tested on various scenarios and exhibits good performance.

show abstract

Section: Related Workmentioning

confidence: 99%

Analysis of Application-Layer Filtering Policies With Application to HTTP

Basile

Lioy

2015

IEEE/ACM Trans. Networking

View full text Add to dashboard Cite

show abstract

“…The query in Fig. 6 uses FILTER with multiple conditions (line [11][12][13][14]. The first conjunctive condition states that for an obligation to be pending, there should not exist a triple stating its performer agent (!bound(?performerAgent)) meaning that the obligation has not been performed.…”

Section: A Fulfilled and Pending Obligationsmentioning

confidence: 99%

“…the most restricted case for the combination of multiple sets of obligations). However, more complicated cases of combining multiple sets of obligations, such as when there are conflicts among obligations (as described in [14]), or a subset of obligations defined in the φ formula are linked to an access request, are out of the scope of this paper.…”

Section: B Access Request Compliancementioning

confidence: 99%

L2TAP+SCIP: An Audit-based Privacy Framework Leveraging Linked Data

Samavi¹,

Consens²

2012

Proceedings of the 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

We describe a framework designed to facilitate privacy auditing while accommodating a variety of privacy scenarios and policies that involve multiple participants. Our proposal is based on two ontologies, L2TAP and SCIP, designed for deployment in a Linked Data environment. L2TAP provides provenance enabled logging of events. SCIP synthesizes contextual integrity concepts and enables query based solutions for two important privacy processes (compliance and obligation derivation). We include an experimental validation of the scalability of our approach.

show abstract

“…This has a number of limitations: (i) it leads to ad-hoc reasoning about policy compliance, one which is tied to the specific vocabularies that express the rules according to which the reasoning takes place; (ii) it limits the reusability and portability of policies; (iii) it precludes the identification of inter-policy relations; (iv) it limits the ability to perform policy governance. In order to overcome such limitations, semanticallyrich approaches to the specification of policies have been brought to the attention of the research community [17,32,40]. These generally embrace Semantic Web representations for capturing what we term action-oriented policies, i.e.…”

Section: Related Workmentioning

confidence: 99%

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

et al. 2017

View full text Add to dashboard Cite

Enterprises increasingly recognize the compelling economic and operational benefits from virtualizing and pooling IT resources in the cloud. Nevertheless, the significant and valuable transformation of organizations that adopt cloud computing is accompanied by a number of security threats that should be considered. In this paper, we outline significant security challenges presented when migrating to a cloud environment and propose PaaSword -a novel holistic framework that aspires to alleviate these challenges. Specifically, the proposed framework involves a context-aware security model, the necessary policies enforcement mechanism along with a physical distribution, encryption and query middleware.

show abstract

Ontology-based Policy Anomaly Management for Autonomic Computing

Cited by 13 publications

References 15 publications

Analysis of Application-Layer Filtering Policies With Application to HTTP

Analysis of Application-Layer Filtering Policies With Application to HTTP

L2TAP+SCIP: An Audit-based Privacy Framework Leveraging Linked Data

PaaSword: A Holistic Data Privacy and Security by Design Framework for Cloud Services

Contact Info

Product

Resources

About