Towards system integrity protection with graph-based policy analysis

Wenjuan Xu, Xinwen Zhang, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

Original languageEnglish (US)
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages65-80
Number of pages16
Volume5645 LNCS
DOIs
StatePublished - 2009
Event23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security - Montreal, QC, Canada
Duration: Jul 12 2009Jul 15 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5645 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security
CountryCanada
CityMontreal, QC
Period7/12/097/15/09

Fingerprint

Security systems
Integrity
Graph in graph theory
Trusted Computing
Security Policy
Information Flow
Policy
Trusted computing
Intuitive
Configuration
Methodology

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Xu, W., Zhang, X., & Ahn, G-J. (2009). Towards system integrity protection with graph-based policy analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5645 LNCS, pp. 65-80). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5645 LNCS). https://doi.org/10.1007/978-3-642-03007-9_5

Towards system integrity protection with graph-based policy analysis. / Xu, Wenjuan; Zhang, Xinwen; Ahn, Gail-Joon.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 5645 LNCS 2009. p. 65-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5645 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Xu, W, Zhang, X & Ahn, G-J 2009, Towards system integrity protection with graph-based policy analysis. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 5645 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5645 LNCS, pp. 65-80, 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, QC, Canada, 7/12/09. https://doi.org/10.1007/978-3-642-03007-9_5
Xu W, Zhang X, Ahn G-J. Towards system integrity protection with graph-based policy analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 5645 LNCS. 2009. p. 65-80. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-03007-9_5
Xu, Wenjuan ; Zhang, Xinwen ; Ahn, Gail-Joon. / Towards system integrity protection with graph-based policy analysis. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 5645 LNCS 2009. pp. 65-80 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{16c879f0f471414cb8eb24366baaf699,
title = "Towards system integrity protection with graph-based policy analysis",
abstract = "Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.",
author = "Wenjuan Xu and Xinwen Zhang and Gail-Joon Ahn",
year = "2009",
doi = "10.1007/978-3-642-03007-9_5",
language = "English (US)",
isbn = "3642030068",
volume = "5645 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "65--80",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Towards system integrity protection with graph-based policy analysis

AU - Xu, Wenjuan

AU - Zhang, Xinwen

AU - Ahn, Gail-Joon

PY - 2009

Y1 - 2009

N2 - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

AB - Identifying and protecting the trusted computing base (TCB) of a system is an important task, which is typically performed by designing and enforcing a system security policy and verifying whether an existing policy satisfies security objectives. To efficiently support these, an intuitive and cognitive policy analysis mechanism is desired for policy designers or security administrators due to the high complexity of policy configurations in contemporary systems. In this paper, we present a graph-based policy analysis methodology to identify TCBs with the consideration of different system applications and services. Through identifying information flows violating the integrity protection of TCBs, we also propose resolving principles to using our developed graph-based policy analysis tool.

UR - http://www.scopus.com/inward/record.url?scp=70350379176&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=70350379176&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-03007-9_5

DO - 10.1007/978-3-642-03007-9_5

M3 - Conference contribution

AN - SCOPUS:70350379176

SN - 3642030068

SN - 9783642030062

VL - 5645 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 65

EP - 80

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -