Download - Academy Publisher

More documents

Recommendations

Info

ISBN 978-952-5726-09-1 (Print) Proceedings of the Second International Symposium on Networking and Network Security (ISNNS ’10) Jinggangshan, P. R. China, 2-4, April. 2010, pp. 214-217 Research on Security Policy and Framework Dongliang Jiao 1,2 , Lianzhong Liu 1 , Shilong Ma 2 , and Xiaoni Wang 1 1 Key Laboratory of Beijing Network Technology, Beihang University, Beijing, China Email: {jiao_dl, lianzhong-liu, xiaoni_wang}@163.com 2 State Key Laboratory of Software Development Environment, Beihang University, Beijing, China Email: slma@nlsde.buaa.edu.cn Abstract—Policies are rules that govern the choices in behaviors of a system. Security policies define what actions are permitted or not permitted, for what or for whom, and under what conditions. In this paper, the present situation of research on policy is overviewed, including policy and security policy definition, policy language, the conflict detection of policy and policy framework. Finally, the summary and the future trends of policy and security policy study are given. Index Terms—Policy, Security policy, Policy Framework, Interval Temporal Logic (ITL), Ponder Language Ⅰ. INTRODUCTION As systems become increasingly complex, the development of methodologies for their security and effective management becomes more and more critical. One important aspect of this general systems management problem is that of being able to raise the level of abstraction [1]. This requirement is commonly described as the ability to deal with systems in terms of policies rather than explicit controls. Policy means different things to different people. For our purposes, the term “policy” is defined as high-level rules for implementing the goals, beliefs, and objectives of an enterprise. There are three types of policies, and you will use each type at different times in your information security program and throughout the organization to support the business process or mission. The three types of policies include [2]: 1) Global policies. These are used to create the organization’s overall vision and direction. 2) Topic-specific policies. These address particular subjects of concern. We discuss the information security architecture and each category. 3) Application-specific policies. These focus on decisions taken by management to control particular applications (financial reporting, payroll, etc.) or systems (budgeting system). Ⅱ. SECURITY POLICY A security policy establishes what must be done to protect information stored on computers. A well-written policy contains sufficient definition of “what” to do so that the “how” can be identified and measured or evaluated [3]. Supported by Co-Funding Project of Beijing Municipal Education Commission under Grant No. JD100060630 © 2010 ACADEMY PUBLISHER AP-PROC-CS-10CN006 214 Policies lay Global policies Topic-specific policies Application-spe cific policies Figure 1. Three kinds of Policies describe ways Policy specification description language Rule-based language Logic-based language Three types of policies The goal of a security policy is to maintain the integrity, confidentiality, and availability of information resources [4].Confidentiality requires that the information or resources in a computer system only be disclosed to authorized parties. Integrity includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication). Availability is concerned with the ability to use the information or resource desired. The aspect of availability that is relevant to security is that someone may deliberately arrange to deny access to data or to a service by making it unavailable to legitimate parties. To enforce the above requirements, authentication, access control and auditing, three mutually supportive technologies are used [5]. 1) Authentication: deals with identification of users. 2) Access control: concerned with limiting the activity of users who have been successfully authenticated by ensuring that every access to information or resources is controlled and that only authorized accesses can take place. 3) Auditing: is the process of recording information about accesses to resources so as to be able to establish responsibilities in the event of a security breach. Ⅲ. SECURITY POLICY REPRESENTATION A. Policy Language One of the main factors constrains the policy applications is that policy description language is not uniform. Each language can only support one or several models. At present, the policy language of the research Increasing degree of abstraction
focused mainly on rule-based forms of expression. The following are examples of some well-known policy language: 1) PDL (Policy Description Language) is a Bell Labs-developed event-based language [6]. They use "event - condition - behavior" rules of the form to define a policy. PDL’s syntax is simple, with clear semantics and can express a strong sexual, However, PDL does not support Access Control Policy, and does not support the roles of complex strategies. 2) Ponder is a declarative, object-oriented language for specifying security policies with role-based access control, as well as general-purpose management policies for specifying what actions are carried out when specific events occur within the system or what resources to allocate under specific conditions [7]. Ponder have four basic policy types: authorizations, obligations, refrains and delegations and three composite policy types: roles, relationships and management structures that are used to compose policies. The dependencies between the various types are shown in figure 2. Ponder also has a number of supporting abstractions that are used to define policies: domains for hierarchically grouping managed objects, events for triggering obligation policies, and constraints for controlling the enforcement of policies at runtime. Figure 2. Policy Types 3) Interval Temporal Logic (ITL) is a linear-time temporal logic with a discrete model of time. A system is modelled by a set of relevant state variables An interval is considered to be a (in)finite, nonempty sequence of state ∂ 0 , ∂ 1 ,......, where a state ∂ i is mapping from a set of variables to a set of values [5]. The first work investigates logic-based languages for the specification of authorization is Woo and Lam [8]. Jajodia et al. worked on a proposal that provides specific rules for resolving conflicts among positive authorizations and negative authorizations. Their policy language, called Authorization Specification Language (ASL), provides a specific predicate, cando, for expressing explicit authorizations and a different predicate, dercando, for expressing derived authorizations [9]. Bertino et al. propose a model supporting the specification of periodic authorizations, that is, authorizations that hold in specific periodic intervals [10]. The syntax of ITL is defined in Table 1 where: Expressions Formulate TABLE Ⅰ. SYNTAX OF ITL Z is an integer value, a is a static integer variable (doesn’t change within an interval), A is a state integer variable (can change within an interval), v a static or state integer variable, g is a integer function symbol, 4) XACML is used OASIS (Organization for the Advancement of Structured Information Standards) to represent the policy. The current syntax for policy in XACL is oriented around the 3-tuple {subject, object, action} [11]. The subject primitive allows user IDs, groups, and/or role names. The object primitive allows granularity as fine as a single element within an XML document. The action primitive consists of four kinds of actions: read; write; create; and delete. The main advantage of using XML is: XML is a widely used standard. B. Policy language Evaluation Criteria Each policy language has its own advantages and disadvantages. Formal Logic language is not enough intuitive, not easy to map to the realization of the mechanism, so is difficult to use and understand; Ponder language is more in line with common standards, could applies to a variety of applications, but Ponder Toolkit does not open source; XACML is ideal for on-line transmission and browse, but have a lot of redundant information. So when we use policy language, we should compare their advantages and disadvantages. Through analysis and research of the existing policy language, it is obvious that a good policy language should meet the following requirements: 1) Be easy to understand, The policy written in the policy language should be easy to understand, which is very important. Only when the policy could easily understood can achieve a wide range of applications. 2) Avoid absolutes, It is not easy to map abstract representations into the implementation mechanism, thus too abstract representations should be avoided. 3) Be do-able, It is easy to map to a description of the underlying measurement specifications, it is compiled into some kind of low-level (e.g. C) language code. 4) Good scalability, According to demand, it can mix new policy types with the existing policy , namely, support for complex strategies, and supports reusability。 5) Policy classification high covering,The language can cover all the current international standards of information security policy. 215
Page 1 and 2:
Proceedings The Second Internationa
Page 3 and 4:
Table of Contents Message from the
Page 5 and 6:
Zuming Xiao, Zhan Guo, Bin Tan, and
Page 7 and 8:
Message from the Symposium Chairs T
Page 9 and 10:
Second International Symposium on N
Page 11 and 12:
ISBN 978-952-5726-09-1 (Print) Proc
Page 13 and 14:
model that can deal with time serie
Page 15 and 16:
ISBN 978-952-5726-09-1 (Print) Proc
Page 17 and 18:
training for the Wushu competition
Page 19 and 20:
ISBN 978-952-5726-09-1 (Print) Proc
Page 21 and 22:
information, called weak uncertain
Page 23 and 24:
Student side Student side Student s
Page 25 and 26:
ISBN 978-952-5726-09-1 (Print) Proc
Page 27 and 28:
If we define element of student as
Page 29 and 30:
ISBN 978-952-5726-09-1 (Print) Proc
Page 31 and 32:
QoS, each frame data is divided int
Page 33 and 34:
ISBN 978-952-5726-09-1 (Print) Proc
Page 35 and 36:
for Imaging Two and Three Phase Flo
Page 37 and 38:
ISBN 978-952-5726-09-1 (Print) Proc
Page 39 and 40:
A. Profiling&following control algo
Page 41 and 42:
Research and Realization about Conv
Page 43 and 44:
PDF document structure is a tree st
Page 45 and 46:
ISBN 978-952-5726-09-1 (Print) Proc
Page 47 and 48:
support 10 Mb / s. But ENC28J60 onl
Page 49 and 50:
ISBN 978-952-5726-09-1 (Print) Proc
Page 51 and 52:
condition the first byte output of
Page 53 and 54:
ISBN 978-952-5726-09-1 (Print) Proc
Page 55 and 56:
According to maximum membership deg
Page 57 and 58:
ISBN 978-952-5726-09-1 (Print) Proc
Page 59 and 60:
ubber according to the mass ratio o
Page 61 and 62:
Ⅲ. AN IMPROVED DNA ALGORITHM FOR
Page 63 and 64:
Ⅴ.CONCLUSION REMARKS DNA computer
Page 65 and 66:
its first child q 1 on the left, th
Page 67 and 68:
chains can greatly improve efficien
Page 69 and 70:
II. RELATED WORK A. Mobile Service
Page 71 and 72:
special services. SOAP is used to b
Page 73 and 74:
detection methods of DDoS attacks m
Page 75 and 76:
Step4 calculate the new subordinate
Page 77 and 78:
Figure 1. An analysis of the partit
Page 79 and 80:
ISBN 978-952-5726-09-1 (Print) Proc
Page 81 and 82:
The preceding three formulas can be
Page 83 and 84:
ISBN 978-952-5726-09-1 (Print) Proc
Page 85 and 86:
And the decay speed of buffer seque
Page 87 and 88:
ISBN 978-952-5726-09-1 (Print) Proc
Page 89 and 90:
distance of view point. Given that
Page 91 and 92:
ISBN 978-952-5726-09-1 (Print) Proc
Page 93 and 94:
Ⅳ. EVALUATION OF BLENDED LEARNING
Page 95 and 96:
ISBN 978-952-5726-09-1 (Print) Proc
Page 97 and 98:
symmetric with respect to the origi
Page 99 and 100:
ISBN 978-952-5726-09-1 (Print) Proc
Page 101 and 102:
each sample belongs to each categor
Page 103 and 104:
ISBN 978-952-5726-09-1 (Print) Proc
Page 105 and 106:
A. Data Preparing To generate our t
Page 107 and 108:
ISBN 978-952-5726-09-1 (Print) Proc
Page 109 and 110:
oth α and β . determination of Qu
Page 111 and 112:
ISBN 978-952-5726-09-1 (Print) Proc
Page 113 and 114:
Strong earthquake 0.1< M L
Page 115 and 116:
ISBN 978-952-5726-09-1 (Print) Proc
Page 117 and 118:
indirect causes, and the logical re
Page 119 and 120:
egression. Granger causality test i
Page 121 and 122:
B. Evaluation We have evaluated thi
Page 123 and 124:
used as a source and neighboring ce
Page 125 and 126:
Figure 3. Drainage networks generat
Page 127 and 128:
Combinational logic unit failures i
Page 129 and 130:
Tabal.1 Combinational fault logic t
Page 131 and 132:
under the endorsement of both the m
Page 133 and 134:
TABLE I. DESCRIPTION OF PROPOSITION
Page 135 and 136:
Figure 2. The process of the invers
Page 137 and 138:
Figure 9. (a)the original image.(b)
Page 139 and 140:
ISBN 978-952-5726-09-1 (Print) Proc
Page 141 and 142:
In order to reduce to the number of
Page 143 and 144:
ISBN 978-952-5726-09-1 (Print) Proc
Page 145 and 146:
that studying being going to be to
Page 147 and 148:
Reference[10] analyzed the evolutio
Page 149 and 150:
module, communication module, apper
Page 151 and 152:
After the comprehensive performance
Page 153 and 154:
system testing can be seen that the
Page 155 and 156:
III. AUTONOMIC RESOURCE ALLOCATION
Page 157 and 158:
The QoE i (T i ) is the ith user’
Page 159 and 160:
ISBN 978-952-5726-09-1 (Print) Proc
Page 161 and 162:
nodes will be formed one cluster, t
Page 163 and 164:
ISBN 978-952-5726-09-1 (Print) Proc
Page 165 and 166:
Where n is the number of data point
Page 167 and 168:
ISBN 978-952-5726-09-1 (Print) Proc
Page 169 and 170:
Keyboard event Application User mod
Page 171 and 172:
ISBN 978-952-5726-09-1 (Print) Proc
Page 173 and 174: SQL Azure will eventually include a
Page 175 and 176: ISBN 978-952-5726-09-1 (Print) Proc
Page 177 and 178: The nodes in the suffix tree are dr
Page 179 and 180: [3] Y. Li, S. M. Chung, and J. D. H
Page 181 and 182: some drilling fluid produces hydrog
Page 183 and 184: "normalization", whose membership b
Page 185 and 186: and minimum structural elements in
Page 187 and 188: esults of the spatial transform par
Page 189 and 190: B. Research on protocol actions Com
Page 191 and 192: ACKNOWLEDGMENT This work is funded
Page 193 and 194: A. Problem Description In a small b
Page 195 and 196: [4] Huang, Hung, and J. Y. jen Hsu.
Page 197 and 198: Further by calculating, the followi
Page 199 and 200: TABLE II. THE CONCENTRATION BETWEEN
Page 201 and 202: private key that obtained by using
Page 205 and 206: ontology, and the domain dictionary
Page 209 and 210: Eq.4 is NP-hard and can be solved b
Page 213 and 214: Where: G i is the selection field o
Page 215 and 216: If there is X j in a generation, wh
Page 217 and 218: Theorem 2.4([10]). Let L 1 and L 2
Page 219 and 220: The relation between the lattice im
Page 221 and 222: Figure 2. Example of single-step de
Page 223: evocation and the fourth group stor
Page 227 and 228: Ⅵ. CONCLUSION Figure 6. The Flask
Page 229 and 230: EDCF in comparison with DCF, has so
Page 231 and 232: B. Simulation results and analysis
Page 235 and 236: in routing table. When search resou
Page 239 and 240: others through the selective emotio
Page 241 and 242: such as weather information, techno
Page 243 and 244: the opening window, a related page
Page 245 and 246: 1) Process context storage areas. I
Page 247 and 248: V. CONCLUSION In this thesis, sCPU-
Page 249 and 250: main types of horizontal search env
Page 251 and 252: Enterprise Portal security provides
Page 253 and 254: () t = [ S () t S () t ] T N S ,...
Page 255 and 256: [2] Kumaravel, N., and Kavitha, V.,
Page 257 and 258: output, so BP network has been wide
Page 259 and 260: input to the artificial neural netw
Page 261 and 262: (2) In a process (tokens from outsi
Page 263 and 264: The reduction process consists of t
Page 265 and 266: all eight normal vectors are identi
Page 267 and 268: is B object , and the number of emp
Page 269 and 270: xi, j y' = εα ( (1 + tanh( )) −
Page 271 and 272: Error 8000 7000 6000 5000 4000 3000
Page 273 and 274: Architecture (AMBA) a new bus archi
Page 275 and 276:
In order to ensure the smooth proce
Page 277 and 278:
ISBN 978-952-5726-09-1 (Print) Proc
Page 279 and 280:
In this paper, we adopt two Sobel o
Page 281 and 282:
ISBN 978-952-5726-09-1 (Print) Proc
Page 283 and 284:
four layers.The far right of the gr
Page 285 and 286:
ISBN 978-952-5726-09-1 (Print) Proc
Page 287 and 288:
TABLE II. OPERATIONAL EMPLOYEE TABL
Page 289 and 290:
A. Object-relational Type To audit
Page 291 and 292:
to execution time. Also, DBA would
Page 293 and 294:
Liping Chen .......................
show all

Download - Academy Publisher

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?