Abstract
Service providers that use a Service Oriented Architecture to deliver in-house services as well as on-demand and cloud services face two interdependent challenges: (1) achieving, maintaining and proving compliance with security requirements that stem from internal needs, third-party demands and international regulations, and (2) managing requirements, policies and security configuration in a cost-efficient manner. The deficiencies of current processes and tools force these service providers to trade off profitability against security and compliance. This paper summarizes a novel policy-chain approach that links high-level, abstract and declarative security policies on one side with low-level, imperative and technical security configuration settings on the other. The paper describes an architecture that links several applications and models via state machines in order to provide a toolset that supports service providers in building such a holistic policy chain at design time, and in maintaining and leveraging it during system operation.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Arsac, W., Laube, A., Plate, H. (2013). Policy Chain for Securing Service Oriented Architectures. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_22
DOI: https://doi.org/10.1007/978-3-642-35890-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35889-0
Online ISBN: 978-3-642-35890-6
eBook Packages: Computer Science; Computer Science (R0)