Towards system integrity protection with graph-based policy analysis

Wenjuan Xu; Xinwen Zhang; Gail-Joon Ahn

doi:10.1007/978-3-642-03007-9_5

Towards system integrity protection with graph-based policy analysis

Wenjuan Xu, Xinwen Zhang, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

Original language	English (US)
Title of host publication	Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings
Pages	65-80
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-642-03007-9_5
State	Published - 2009
Event	23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security - Montreal, QC, Canada Duration: Jul 12 2009 → Jul 15 2009

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5645 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
Country/Territory	Canada
City	Montreal, QC
Period	7/12/09 → 7/15/09

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-03007-9_5

Cite this

Xu, W., Zhang, X., & Ahn, G.-J. (2009). Towards system integrity protection with graph-based policy analysis. In Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings (pp. 65-80). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5645 LNCS). https://doi.org/10.1007/978-3-642-03007-9_5

Towards system integrity protection with graph-based policy analysis. / Xu, Wenjuan; Zhang, Xinwen; Ahn, Gail-Joon.
Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings. 2009. p. 65-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5645 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Xu, W, Zhang, X & Ahn, G-J 2009, Towards system integrity protection with graph-based policy analysis. in Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5645 LNCS, pp. 65-80, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, QC, Canada, 7/12/09. https://doi.org/10.1007/978-3-642-03007-9_5

Xu W, Zhang X, Ahn GJ. Towards system integrity protection with graph-based policy analysis. In Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings. 2009. p. 65-80. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-03007-9_5

@inproceedings{16c879f0f471414cb8eb24366baaf699,

title = "Towards system integrity protection with graph-based policy analysis",

abstract = "Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.",

author = "Wenjuan Xu and Xinwen Zhang and Gail-Joon Ahn",

year = "2009",

doi = "10.1007/978-3-642-03007-9_5",

language = "English (US)",

isbn = "3642030068",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "65--80",

booktitle = "Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings",

note = "23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security ; Conference date: 12-07-2009 Through 15-07-2009",

}

TY - GEN

T1 - Towards system integrity protection with graph-based policy analysis

AU - Xu, Wenjuan

AU - Zhang, Xinwen

AU - Ahn, Gail-Joon

PY - 2009

Y1 - 2009

N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

UR - http://www.scopus.com/inward/record.url?scp=70350379176&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350379176&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-03007-9_5

DO - 10.1007/978-3-642-03007-9_5

M3 - Conference contribution

AN - SCOPUS:70350379176

SN - 3642030068

SN - 9783642030062

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 65

EP - 80

BT - Data and Applications Security XXIII - 23rd Annual IFIP WG 11.3 Working Conference, Proceedings

T2 - 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security

Y2 - 12 July 2009 through 15 July 2009

ER -

Towards system integrity protection with graph-based policy analysis

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this