Rigorous automated network security management

Joshua D. Guttman; Amy L. Herzog

首页> 外文期刊>International Journal of Information Security >Rigorous automated network security management

【24h】

Rigorous automated network security management

机译：严格的自动化网络安全管理

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Achieving a security goal in a networked system requires the cooperation of a variety of devices, each device potentially requiring a different configuration. Many information security problems may be solved with appropriate models of these devices and their interactions, giving a systematic way to handle the complexity of real situations. We present an approach, rigorous automated network security management, that front-loads formal modeling and analysis before problem solving, thereby providing easy-to-run tools with rigorously justified results. With this approach, we model the network and a class of practically important security goals. The models derived suggest algorithms that, given system configuration information, determine the security goals satisfied by the system. The modeling provides rigorous justification for the algorithms, which may then be implemented as ordinary computer programs requiring no formal methods training to operate. We have applied this approach to several problems. In this paper we describe two: distributed packet filtering and the use of IP security (IPsec) gateways. We also describe how to piece together the two separate solutions to these problems, jointly enforcing packet filtering as well as IPsec authentication and confidentiality on a single network.

机译：在网络系统中实现安全目标需要多种设备的协作，每个设备可能需要不同的配置。可以使用这些设备的适当模型及其交互来解决许多信息安全问题，从而提供一种系统的方式来处理实际情况的复杂性。我们提出了一种严格的自动化网络安全管理方法，该方法可以在解决问题之前预先加载正式的建模和分析，从而提供易于操作且具有严格合理结果的工具。使用这种方法，我们可以对网络和一类实际上很重要的安全目标进行建模。推导的模型提出了算法，这些算法在给定系统配置信息的情况下确定系统满足的安全目标。该建模为算法提供了严格的依据，然后可以将其实现为不需要任何正式方法培训即可操作的普通计算机程序。我们已经将此方法应用于一些问题。在本文中，我们描述了两个：分布式数据包过滤和IP安全（IPsec）网关的使用。我们还将描述如何将针对这些问题的两个单独的解决方案组合在一起，共同在单个网络上共同实施数据包筛选以及IPsec身份验证和机密性。

著录项

来源
《International Journal of Information Security》 |2005年第2期|共20页
作者
Joshua D. Guttman; Amy L. Herzog;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
Network security; Filtering routers; IP security protocols; Security management; Formal methods;

机译：网络安全;过滤路由器;IP安全协议;安全管理;正式方法;

相似文献

外文文献
中文文献
专利

1. Rigorous automated network security management [J] . Joshua D. Guttman, Amy L. Herzog International Journal of Information Security . 2005,第1a2期

机译：严格的自动化网络安全管理
2. The Case for a Rigorous Approach to Automating Software Operations and Management of Large-scale Sensor Networks [J] . Sameer Tilak, Philip Papadopoulos Computer communication review . 2012,第5期

机译：严格的自动化大型传感器网络软件操作和管理方法的案例
3. Formal validation of automated policy refinementin the management of network security systems [J] . Joao Porto de Albuquerque, Heiko Krumm, Paulo Licio de Geus International Journal of Information Security . 2010,第2期

机译：正式验证网络安全系统管理中的自动策略优化
4. An integrated software immune system: a framework for automated network management, system health, and security [C] . Gilfix, M. . 1999

机译：集成的软件免疫系统：自动网络管理，系统健康和安全性的框架
5. Formal Techniques for Automated Design of Adaptive Networked Systems Based on Security and Resiliency Requirements [D] . ?Jakaria, A. H. M. 2020

机译：基于安全性和灵活性要求自适应网络系统的自动化设计技术正式
6. Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks [O] . Tiberiu-Marian Georgescu, Bogdan Iancu, Madalina Zurini 2019

机译：基于命名实体识别的物联网网络安全状况自动诊断系统
7. Rigorous automated network security management [O] . Joshua D. Guttman, Amy L. Herzog 2005

机译：严格的自动化网络安全管理

Rigorous automated network security management

摘要

著录项

相似文献

相关主题

期刊订阅