Al-Shaer, Ehab.

Automated Security Management. - Dordrecht : Springer, 2013. - 1 online resource (185 p.) - eBooks on Demand .

Preface; Contents; Part I Configuration Modeling and Checking; 1 Towards a Unified Modeling and Verification of Network and System Security Configurations; 1.1 Introduction; 1.2 Framework Overview; 1.3 Network Model; 1.3.1 State Representation; 1.3.2 Network Devices; 1.4 Application Layer Model; 1.4.1 Application Layer Access-Control; 1.4.2 State Representation; 1.5 Querying the Model; 1.5.1 Model Checking; 1.5.2 Query Structure and Features; 1.5.3 Example Properties; 1.6 Evaluation; 1.7 Related Work; 1.8 Conclusion; References 2 Modeling and Checking the Security of DIFC SystemConfigurations2.1 Introduction; 2.2 Preliminaries; 2.2.1 Tags and Labels; 2.2.2 Capabilities; 2.2.3 Declassification; 2.2.4 Configuration and Security Policy; 2.3 Threat Model; 2.4 Formal Model; 2.4.1 DIFC Configuration Schemes; 2.4.1.1 States; 2.4.1.2 State Transition Rules; 2.4.1.3 Properties; 2.4.2 Security Analysis Problem for DIFC Configuration; 2.5 Our Approach; 2.5.1 Model Checking; 2.5.2 Preprocessing; 2.6 Experiment and Evaluation; 2.7 Discussion; 2.8 Related Works; 2.8.1 Decentralized Information Flow Control 2.8.2 Security Analysis of Access Control2.9 Conclusion; References; Part II Vulnerability and Risk Assessment; 3 Increasing Android Security Using a Lightweight OVAL-Based Vulnerability Assessment Framework; 3.1 Introduction; 3.2 Related Work; 3.3 Vulnerability Assessment Process Model; 3.4 An OVAL-Based Framework for Assessing Android Vulnerabilities; 3.4.1 Architecture and Main Components; 3.4.2 Optimized Assessment Strategy; 3.5 Implementation Prototype; 3.6 Performance Evaluation; 3.6.1 Analytical Evaluation; 3.6.2 Technical Experimentation; 3.7 Conclusions and Future Work; References 4 A Declarative Logic-Based Approach for Threat Analysis of Advanced Metering Infrastructure4.1 Introduction; 4.2 Background and Challenges; 4.2.1 AMI System Complexity; 4.2.2 Potential Threats in AMI; 4.3 AMISecChecker Architecture; 4.4 AMI Configuration Model; 4.4.1 AMI Physical Components; 4.4.2 AMI Network Topology; 4.4.3 AMI Data Delivery Modes; 4.4.4 Miscellaneous Modeling; 4.5 AMI Threat Analysis; 4.5.1 AMI Configuration Analysis; 4.5.1.1 Reachability Analysis; 4.5.1.2 Data Delivery Analysis; 4.5.1.3 Schedule Misconfiguration Analysis; 4.5.2 AMI Security Control Analysis 4.5.2.1 Analyzing DoS Attacks4.5.2.2 Analyzing Violation of Boundary Protection; 4.5.2.3 Miscellaneous Threat Analysis; 4.6 Implementation and Evaluation; 4.6.1 Efficacy; 4.6.2 Scalability; 4.7 Related Work; 4.8 Conclusion; References; 5 Risk Based Access Control Using Classification; 5.1 Introduction; 5.2 Preliminaries; 5.2.1 RBAC; 5.2.2 Classification; 5.3 Risk Based Access Control; 5.3.1 Risk Based Permission Authorization; 5.3.2 Risk Based Authorization of Roles; 5.4 Experimental Evaluation; 5.4.1 Risk-Based Permission Authorization; 5.4.2 Risk-Based Role Authorization; 5.5 Related Work 5.6 Conclusions

In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

9783319014333 79.99 (NL)


Computer networks -- Security measures -- Standards.
Computer security -- Management.
Data protection -- Standards.


Electronic books.

QA76.9 .A25

004.6