Skip to main content
SpringerLink
Log in

A Computer Network Defense Policy Refinement Method

  • Conference paper
Frontiers in Internet Technologies

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 401))

  • 997 Accesses

Abstract

The existing methods of policy refinement in computer network defense (CND) can only support the refinement of access control policy, but not the policies of protection, detection, response, and recovery. To solve this problem, we constructed a computer network defense policy refinement model and its formalism specification. An algorithm of defense policy refinement is designed. At last, the effectiveness of our methods was verified through one experiment cases of the composition policies with intrusion detection, vulnerabilities detection, and access control.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Zeng, H., Ma, D.F., Li, Z.Q., Zhao, Y.W.: A Policy-Based Architecture for Web Services Security Processing. In: 2012 IEEE Ninth International Conference on e-Business Engineering (ICEBE), pp. 163–169. IEEE Press (September 2012), doi:10.1109/ICEBE.2012.35

    Google Scholar 

  2. Loyall, J.P., Gillen, M., Paulos, A., et al.: Dynamic policy-driven quality of service in service-oriented information management systems. Software-Practice & Experience 41(12), 1459–1489 (2010), doi:10.1109/ISORC.2010.13

    Article  Google Scholar 

  3. Luo, X., Song, M., Song, J.: Research on service-oriented policy-driven IAAS management. The Journal of China Universities of Posts and Telecommunications 18, 64–70 (2011), doi:10.1016/S1005-8885(10)60208-7

    Article  Google Scholar 

  4. Moffett, J.D., Sloman, M.S.: Policy hierarchies for distributed systems management. IEEE Journal on Selected Areas in Communications 11(9), 1404–1414 (1993), doi:10.1109/49.257932

    Article  Google Scholar 

  5. Kumari, P., Pretschner, A.: Deriving implementation-level policies for usage control enforcement. In: Proceedings of the Second ACM Conference on Data and Application Security and Privacy, pp. 83–94. ACM Press (2012), doi:10.1145/2133601.2133612

    Google Scholar 

  6. Basile, C., Lioy, A., Vallini, M.: Towards a Network-Independent Policy Specification. In: 2010 18th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP 2010), pp. 649–653. IEEE Press (February 2010), doi:10.1109/PDP.2010.45

    Google Scholar 

  7. Maity, S., Ghosh, S.K.: Enforcement of access control policy for mobile ad hoc networks. In: Proceedings of the Fifth International Conference on Security of Information and Networks (SIN 2012), pp. 47–52. ACM Press (2012), doi:10.1145/2388576.2388582

    Google Scholar 

  8. Department of Defense. JP3-13: Information Operations. US Government printing, Washington, DC (February 2006)

    Google Scholar 

  9. Bandara, A.K., Lupu, E.C., Moffett, J., Russo, A.: A goal-based approach to policy refinement. In: Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 229–239. IEEE Press (June 2004), doi:10.1109/POLICY.2004.1309175

    Google Scholar 

  10. de Albuquerque, J.P., Krumm, H., de Geus, P.L., Jeruschkat, R.: Scalable model-based configuration management of security services in complex enterprise networks. Software: Practice and Experience 41(3), 307–338 (2011), doi:10.1002/spe.1014

    Google Scholar 

  11. Bryans, J.W., Fitzgerald, J.S., McCutcheon, T.: Refinement-Based Techniques in the Analysis of Information Flow Policies for Dynamic Virtual Organisations. In: Camarinha-Matos, L.M., Pereira-Klen, A., Afsarmanesh, H. (eds.) PRO-VE 2011. IFIP AICT, vol. 362, pp. 314–321. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  12. Laborde, R., Kamel, M., Barrere, F., Benzekri, A.: Implementation of a formal security policy refinement process in WBEM architecture. Journal of Network and Systems Management 15(2), 241–266 (2007), doi:10.1007/s10922-007-9063-z

    Article  Google Scholar 

  13. Stouls, N., Potet, M.-L.: Security policy enforcement through refinement process. In: Julliand, J., Kouchnarenko, O. (eds.) B 2007. LNCS, vol. 4355, pp. 216–231. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  14. Hassan, A.A., Bahgat, W.M.: A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms. In: 2009 IEEE/ACS International Conference on Computer Systems and Applications, pp. 504–511. IEEE Press (2009), doi:10.1109/AICCSA.2009.5069371

    Google Scholar 

  15. Wei, Q., Lü, L.S., Wei, Z., Wu, W.K., Xia, C.H.: CNDIDL:A CND Intention Description Language for CND Decision. In: 2012 World Congress on Information and Communication Technologies (WICT 2012), pp. 1142–1147. IEEE Press (November 2012), doi:10.1109/WICT.2012.6409246

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Key Laboratory of Beijing Network Technology, School of Computer Science and Engineering, Beihang University, Beijing, China

    Zhao Wei, Chunhe Xia, Yang Luo & Qing Wei

  2. Information Center of Ministry of Science and Technology, The Ministry of Science and Technology of the People’s Republic of China, Beijing, China

    Yanli Lv

Authors
  1. Zhao Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yanli Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chunhe Xia
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yang Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Qing Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer, National University of Defense Technology, Changsha, China

    Jinshu Su

  2. National University of Defense Technology, Changsha, Hunan, China

    Baokang Zhao , Zhigang Sun , Xiaofeng Wang  & Fei Wang , ,  & 

  3. Tsinghua University, Bejing, China

    Ke Xu

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wei, Z., Lv, Y., Xia, C., Luo, Y., Wei, Q. (2013). A Computer Network Defense Policy Refinement Method. In: Su, J., Zhao, B., Sun, Z., Wang, X., Wang, F., Xu, K. (eds) Frontiers in Internet Technologies. Communications in Computer and Information Science, vol 401. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53959-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-53959-6_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-53958-9

  • Online ISBN: 978-3-642-53959-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation