Towards Automation for Pervasive Network Security Management Using an Integration of Ontology-Based and Policy-Based Approaches

Xu, Hui; Xia, Xue; Xiao, Di; Liu, Xuejiao

doi:10.1109/icicic.2008.579

Cited by 3 publications

(3 citation statements)

References 7 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, they do not consider the scenario of sharing a service "Multitenancy" among consumers. Related research efforts in ISMS include risk assessment and management frameworks such as OCTAVE [13], CORAS [14], Security management systems such as policy-based security management [15], Ontology-based and policy based management has been merged in one approach [16], and model-based security management [17]. Most of these approaches focus on the security capturing and enforcement phases rather than the feedback and improvement phases of the SMP.…”

Section: B Cloud Security Managementmentioning

confidence: 99%

Collaboration-Based Cloud Computing Security Management Framework

Almorsy

Grundy

Ibrahim

2011

2011 IEEE 4th International Conference on Cloud Computing

144

View full text Add to dashboard Cite

Although the cloud computing model is considered to be a very promising internet-based computing platform, it results in a loss of security control over the cloud-hosted assets. This is due to the outsourcing of enterprise IT assets hosted on third-party cloud computing platforms. Moreover, the lack of security constraints in the Service Level Agreements between the cloud providers and consumers results in a loss of trust as well. Obtaining a security certificate such as ISO 27000 or NIST-FISMA would help cloud providers improve consumers trust in their cloud platforms' security. However, such standards are still far from covering the full complexity of the cloud computing model. We introduce a new cloud security management framework based on aligning the FISMA standard to fit with the cloud computing model, enabling cloud providers and consumers to be security certified. Our framework is based on improving collaboration between cloud providers, service providers and service consumers in managing the security of the cloud platform and the hosted services. It is built on top of a number of security standards that assist in automating the security management process. We have developed a proof of concept of our framework using .NET and deployed it on a testbed cloud platform. We evaluated the framework by managing the security of a multitenant SaaS application exemplar.

show abstract

Section: B Cloud Security Managementmentioning

confidence: 99%

Collaboration-Based Cloud Computing Security Management Framework

Almorsy

Grundy

Ibrahim

2011

2011 IEEE 4th International Conference on Cloud Computing

144

View full text Add to dashboard Cite

show abstract

“…Normally administrators are given the high-level security goals and then, through their knowledge of network topology and security they adopt the best practice and derive the device configurations [9] . Ontology can be used as an alternative to management information because it has formal definition and can enhance semantic expressiveness [13] .…”

Section: Ontology-based Managementmentioning

confidence: 99%

“…Donner [20] defines a standardsbased security ontology, which extends the Common Information Model (CIM) with ontological semantics. The integration of the ontology-based and policy-based approaches is proposed in [13] . The combination of mobile agent technology and the ontology representation of network security knowledge is a promising technique since it offers a lot of advantages, the most important of which is that ontology is machine readable and understandable.…”

Section: Ontology-based Mobile Agent For Nsmmentioning

confidence: 99%

Network Security Management Using Ontology-Based Mobile Agents

Ali¹

2012

JKAU Comp IT Sci

View full text Add to dashboard Cite

Automatic means to manage the security in moderate and large networks are of extreme importance to avoid error-prone manual techniques. This paper paves the way to develop an automatic network security management (NSM) system that is both flexible in deciding the system’s objectives and efficient in using the valuable network bandwidth with a relatively low transmission overhead. The required flexibility and efficiency are obtained using mobile agents (MA) to collect the required security information from various network components and devices, and using ontology to specify the required security policies in such a way understandable by the MA’s software. A simplified NSM prototype is developed, implemented, and tested over a typical local area network to investigate the validity of the suggested ideas. The MA travels through the network and collects the necessary information using an ontology-based security policy. Next, it may either return back to the network administrator to let him decide and perform the suitable actions, or alternatively the MA may take the appropriate decisions. This prototype is tested to examine its functionality and performance using a simple local area network consisting of three computers with different configurations. The developed MA was able to understand the ontology and move around the network. It has properly detected the components that are wrongly configured. It should be made clear that the design is scalable and can be directly applied to more computers in a local area network or even in a wide area network.

show abstract

Application of Security Ontology to Context-Aware Alert Analysis

Xiao

Zheng

2009

2009 Eighth IEEE/ACIS International Conference on Computer and Information Science

View full text Add to dashboard Cite

Towards Automation for Pervasive Network Security Management Using an Integration of Ontology-Based and Policy-Based Approaches

Cited by 3 publications

References 7 publications

Collaboration-Based Cloud Computing Security Management Framework

Collaboration-Based Cloud Computing Security Management Framework

Network Security Management Using Ontology-Based Mobile Agents

Application of Security Ontology to Context-Aware Alert Analysis

Contact Info

Product

Resources

About