Normal view MARC view ISBD view

Automated Security Management.

By: Al-Shaer, Ehab.
Contributor(s): Ou, Xinming | Xie, Geoffrey.
Material type: TextTextSeries: eBooks on Demand.Publisher: Dordrecht : Springer, 2013Description: 1 online resource (185 p.).ISBN: 9783319014333.Subject(s): Computer networks -- Security measures -- Standards | Computer security -- Management | Data protection -- StandardsGenre/Form: Electronic books.Additional physical formats: Print version:: Automated Security ManagementDDC classification: 004.6 LOC classification: QA76.9 .A25Online resources: Click here to view this ebook.
Contents:
Preface; Contents; Part I Configuration Modeling and Checking; 1 Towards a Unified Modeling and Verification of Network and System Security Configurations; 1.1 Introduction; 1.2 Framework Overview; 1.3 Network Model; 1.3.1 State Representation; 1.3.2 Network Devices; 1.4 Application Layer Model; 1.4.1 Application Layer Access-Control; 1.4.2 State Representation; 1.5 Querying the Model; 1.5.1 Model Checking; 1.5.2 Query Structure and Features; 1.5.3 Example Properties; 1.6 Evaluation; 1.7 Related Work; 1.8 Conclusion; References
2 Modeling and Checking the Security of DIFC SystemConfigurations2.1 Introduction; 2.2 Preliminaries; 2.2.1 Tags and Labels; 2.2.2 Capabilities; 2.2.3 Declassification; 2.2.4 Configuration and Security Policy; 2.3 Threat Model; 2.4 Formal Model; 2.4.1 DIFC Configuration Schemes; 2.4.1.1 States; 2.4.1.2 State Transition Rules; 2.4.1.3 Properties; 2.4.2 Security Analysis Problem for DIFC Configuration; 2.5 Our Approach; 2.5.1 Model Checking; 2.5.2 Preprocessing; 2.6 Experiment and Evaluation; 2.7 Discussion; 2.8 Related Works; 2.8.1 Decentralized Information Flow Control
2.8.2 Security Analysis of Access Control2.9 Conclusion; References; Part II Vulnerability and Risk Assessment; 3 Increasing Android Security Using a Lightweight OVAL-Based Vulnerability Assessment Framework; 3.1 Introduction; 3.2 Related Work; 3.3 Vulnerability Assessment Process Model; 3.4 An OVAL-Based Framework for Assessing Android Vulnerabilities; 3.4.1 Architecture and Main Components; 3.4.2 Optimized Assessment Strategy; 3.5 Implementation Prototype; 3.6 Performance Evaluation; 3.6.1 Analytical Evaluation; 3.6.2 Technical Experimentation; 3.7 Conclusions and Future Work; References
4 A Declarative Logic-Based Approach for Threat Analysis of Advanced Metering Infrastructure4.1 Introduction; 4.2 Background and Challenges; 4.2.1 AMI System Complexity; 4.2.2 Potential Threats in AMI; 4.3 AMISecChecker Architecture; 4.4 AMI Configuration Model; 4.4.1 AMI Physical Components; 4.4.2 AMI Network Topology; 4.4.3 AMI Data Delivery Modes; 4.4.4 Miscellaneous Modeling; 4.5 AMI Threat Analysis; 4.5.1 AMI Configuration Analysis; 4.5.1.1 Reachability Analysis; 4.5.1.2 Data Delivery Analysis; 4.5.1.3 Schedule Misconfiguration Analysis; 4.5.2 AMI Security Control Analysis
4.5.2.1 Analyzing DoS Attacks4.5.2.2 Analyzing Violation of Boundary Protection; 4.5.2.3 Miscellaneous Threat Analysis; 4.6 Implementation and Evaluation; 4.6.1 Efficacy; 4.6.2 Scalability; 4.7 Related Work; 4.8 Conclusion; References; 5 Risk Based Access Control Using Classification; 5.1 Introduction; 5.2 Preliminaries; 5.2.1 RBAC; 5.2.2 Classification; 5.3 Risk Based Access Control; 5.3.1 Risk Based Permission Authorization; 5.3.2 Risk Based Authorization of Roles; 5.4 Experimental Evaluation; 5.4.1 Risk-Based Permission Authorization; 5.4.2 Risk-Based Role Authorization; 5.5 Related Work
5.6 Conclusions
Summary: In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen
Tags from this library: No tags from this library for this title. Log in to add tags.
Item type Current location Call number URL Status Date due Barcode
Electronic Book UT Tyler Online
Online
QA76.9 .A25 (Browse shelf) http://uttyler.eblib.com/patron/FullRecord.aspx?p=1538876 Available EBL1538876

Preface; Contents; Part I Configuration Modeling and Checking; 1 Towards a Unified Modeling and Verification of Network and System Security Configurations; 1.1 Introduction; 1.2 Framework Overview; 1.3 Network Model; 1.3.1 State Representation; 1.3.2 Network Devices; 1.4 Application Layer Model; 1.4.1 Application Layer Access-Control; 1.4.2 State Representation; 1.5 Querying the Model; 1.5.1 Model Checking; 1.5.2 Query Structure and Features; 1.5.3 Example Properties; 1.6 Evaluation; 1.7 Related Work; 1.8 Conclusion; References

2 Modeling and Checking the Security of DIFC SystemConfigurations2.1 Introduction; 2.2 Preliminaries; 2.2.1 Tags and Labels; 2.2.2 Capabilities; 2.2.3 Declassification; 2.2.4 Configuration and Security Policy; 2.3 Threat Model; 2.4 Formal Model; 2.4.1 DIFC Configuration Schemes; 2.4.1.1 States; 2.4.1.2 State Transition Rules; 2.4.1.3 Properties; 2.4.2 Security Analysis Problem for DIFC Configuration; 2.5 Our Approach; 2.5.1 Model Checking; 2.5.2 Preprocessing; 2.6 Experiment and Evaluation; 2.7 Discussion; 2.8 Related Works; 2.8.1 Decentralized Information Flow Control

2.8.2 Security Analysis of Access Control2.9 Conclusion; References; Part II Vulnerability and Risk Assessment; 3 Increasing Android Security Using a Lightweight OVAL-Based Vulnerability Assessment Framework; 3.1 Introduction; 3.2 Related Work; 3.3 Vulnerability Assessment Process Model; 3.4 An OVAL-Based Framework for Assessing Android Vulnerabilities; 3.4.1 Architecture and Main Components; 3.4.2 Optimized Assessment Strategy; 3.5 Implementation Prototype; 3.6 Performance Evaluation; 3.6.1 Analytical Evaluation; 3.6.2 Technical Experimentation; 3.7 Conclusions and Future Work; References

4 A Declarative Logic-Based Approach for Threat Analysis of Advanced Metering Infrastructure4.1 Introduction; 4.2 Background and Challenges; 4.2.1 AMI System Complexity; 4.2.2 Potential Threats in AMI; 4.3 AMISecChecker Architecture; 4.4 AMI Configuration Model; 4.4.1 AMI Physical Components; 4.4.2 AMI Network Topology; 4.4.3 AMI Data Delivery Modes; 4.4.4 Miscellaneous Modeling; 4.5 AMI Threat Analysis; 4.5.1 AMI Configuration Analysis; 4.5.1.1 Reachability Analysis; 4.5.1.2 Data Delivery Analysis; 4.5.1.3 Schedule Misconfiguration Analysis; 4.5.2 AMI Security Control Analysis

4.5.2.1 Analyzing DoS Attacks4.5.2.2 Analyzing Violation of Boundary Protection; 4.5.2.3 Miscellaneous Threat Analysis; 4.6 Implementation and Evaluation; 4.6.1 Efficacy; 4.6.2 Scalability; 4.7 Related Work; 4.8 Conclusion; References; 5 Risk Based Access Control Using Classification; 5.1 Introduction; 5.2 Preliminaries; 5.2.1 RBAC; 5.2.2 Classification; 5.3 Risk Based Access Control; 5.3.1 Risk Based Permission Authorization; 5.3.2 Risk Based Authorization of Roles; 5.4 Experimental Evaluation; 5.4.1 Risk-Based Permission Authorization; 5.4.2 Risk-Based Role Authorization; 5.5 Related Work

5.6 Conclusions

In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Managemen

Description based upon print version of record.

There are no comments for this item.

Log in to your account to post a comment.