Security policy pre-evaluation towards risk analysis

Han Yi, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

Original languageEnglish
Title of host publicationProceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
Pages415-420
Number of pages6
DOIs
Publication statusPublished - Sep 15 2008
Event2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, Korea, Republic of
Duration: Apr 24 2008Apr 26 2008

Publication series

NameProceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

Other

Other2nd International Conference on Information Security and Assurance, ISA 2008
CountryKorea, Republic of
CityBusan
Period4/24/084/26/08

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems and Management
  • Electrical and Electronic Engineering
  • Communication

Fingerprint Dive into the research topics of 'Security policy pre-evaluation towards risk analysis'. Together they form a unique fingerprint.

  • Cite this

    Yi, H., Hori, Y., & Sakurai, K. (2008). Security policy pre-evaluation towards risk analysis. In Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 415-420). [4511603] (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.114