Security policy pre-evaluation towards risk analysis

Han Yi, Yoshiaki Hori, Kouichi Sakurai

研究成果: 著書/レポートタイプへの貢献会議での発言

7 引用 (Scopus)

抄録

Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

元の言語英語
ホスト出版物のタイトルProceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008
ページ415-420
ページ数6
DOI
出版物ステータス出版済み - 9 15 2008
イベント2nd International Conference on Information Security and Assurance, ISA 2008 - Busan, 大韓民国
継続期間: 4 24 20084 26 2008

出版物シリーズ

名前Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

その他

その他2nd International Conference on Information Security and Assurance, ISA 2008
大韓民国
Busan
期間4/24/084/26/08

Fingerprint

security policy
Risk analysis
evaluation
Evaluation
Security policy
Policy evaluation

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems and Management
  • Electrical and Electronic Engineering
  • Communication

これを引用

Yi, H., Hori, Y., & Sakurai, K. (2008). Security policy pre-evaluation towards risk analysis. : Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008 (pp. 415-420). [4511603] (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.114

Security policy pre-evaluation towards risk analysis. / Yi, Han; Hori, Yoshiaki; Sakurai, Kouichi.

Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 415-420 4511603 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).

研究成果: 著書/レポートタイプへの貢献会議での発言

Yi, H, Hori, Y & Sakurai, K 2008, Security policy pre-evaluation towards risk analysis. : Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008., 4511603, Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 415-420, 2nd International Conference on Information Security and Assurance, ISA 2008, Busan, 大韓民国, 4/24/08. https://doi.org/10.1109/ISA.2008.114
Yi H, Hori Y, Sakurai K. Security policy pre-evaluation towards risk analysis. : Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. p. 415-420. 4511603. (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008). https://doi.org/10.1109/ISA.2008.114
Yi, Han ; Hori, Yoshiaki ; Sakurai, Kouichi. / Security policy pre-evaluation towards risk analysis. Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008. 2008. pp. 415-420 (Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008).
@inproceedings{4d7aac08cdb6430da3ddfe9a8cf841fc,
title = "Security policy pre-evaluation towards risk analysis",
abstract = "Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.",
author = "Han Yi and Yoshiaki Hori and Kouichi Sakurai",
year = "2008",
month = "9",
day = "15",
doi = "10.1109/ISA.2008.114",
language = "English",
isbn = "9780769531267",
series = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",
pages = "415--420",
booktitle = "Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008",

}

TY - GEN

T1 - Security policy pre-evaluation towards risk analysis

AU - Yi, Han

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2008/9/15

Y1 - 2008/9/15

N2 - Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

AB - Nowadays, security policy evaluation becomes a very hot topic since high QoP(Quality of Protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn't be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security , policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.

UR - http://www.scopus.com/inward/record.url?scp=51349136634&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51349136634&partnerID=8YFLogxK

U2 - 10.1109/ISA.2008.114

DO - 10.1109/ISA.2008.114

M3 - Conference contribution

AN - SCOPUS:51349136634

SN - 9780769531267

T3 - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

SP - 415

EP - 420

BT - Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008

ER -