Security Policy Conflicts in Service-oriented Systems

2012, Vol 30 (2-3), pp. 215-240
Author(s): Bartosz Brodecki, Michał Szychowiak, Piotr Sasak

Author(s): MS. KRUTHI K. KUMAR, MRS. SHANTHI M.B., DR. JITENDRANATH MUNGARA

The use of firewalls has been widespread in all the emerging technologies such as Service Oriented Architecture, web services, cloud computing and so on. The term security itself is the most important task that has to be maintained in the real-time applications. Policies are enrolled in the security of the firewall where the quality of policies is to be maintained. The network administrator defines the policy as a rule. Managing the firewall policies, maintaining the risk analysis and also the conflicting nature that arises in the network, and the lack of systematic analysis mechanisms and tools used, are often error prone. The distributed firewall is used to overcome the shortcomings of the traditional firewall. In this paper we represent a set of techniques, such as a rule-based segmentation technique to identify the policy anomalies and effectively derive the anomaly resolution, a grid-based visualization technique that provides the policy anomaly information in a grid form, which helps in identifying the policy conflicts, and finally the techniques to resolve the conflicts and the redundancy that arise in a single- or multi-firewall environment. We also discuss the implementation of the visualization-based firewall policy analysis tool called Firewall Anomaly Management Framework (FAME), where all the techniques are used in a single tool, and an approach to resolve the anomalies in an effective and efficient way.


2016, Vol 25 (01), pp. 1650003
Author(s): Vernon Asuncion, Khaled M. Khan, Abdelkarim Erradi, Saleh Alhazbi

In order to enable a secure interaction between dynamically discovered software services and the client’s application in a cooperative information system such as a service oriented system, one of the pre-requisites is the reconciliation of service-specific security policies of all stakeholders. Existing service discovery research does not address the issue of the enormous search space in finding security-aware services based on preferred security policy alternatives of the client of software services. In this paper, we propose an answer set programming (ASP) approach, drawn from the field of artificial intelligence (AI), to explore a viable solution of finding security-aware services for the client. We argue that the ASP approach can significantly reduce the search space and achieve great performance gains. We use ASP to: (i) specify security policies including expressing service-specific security preference weighting and importance scoring in quantifiable terms; and (ii) reason about the compliance between the security policies of the client and the software service.


Author(s): Antonio Maña, Gimena Pujol, Antonio Muñoz

In this chapter the authors present a policy-based security engineering process for service oriented applications, developed in the SERENITY and MISTICO projects. Security and dependability (S&D) are considered as first-class citizens in the proposed engineering process, which is based on the precise description of reusable security and dependability solutions. The authors’ process is based on the concept of S&D Pattern as the means to capture the specialized knowledge of security engineers and to make it available for automated processing, both in the development process (the focus of this chapter) and later at runtime. In particular, in this chapter they focus on the verification of the compliance with security policies, based on the formal specification of S&D Properties. The main advantages of the approach presented in this chapter are precisely that it allows us to define high-level policies and to verify that a secure oriented system complies with such policy (developed following the SERENITY approach). They also describe the application of the proposed approach to the verification of S&D properties in the web services (WS) environment. Concretely, the authors describe the use of the SERENITY framework to facilitate the development of applications that use standard security mechanisms (such as WS-Security, WS-Policy, WS-Security Policy, etc.) and to ensure the correct application of these standard mechanisms, based on predefined policies. Finally, they show how to verify that the application complies with one or several S&D policies.


2011, Vol 282-283, pp. 173-176
Author(s): Ai Juan Zhang, Cheng Ji, Jian Wang

Distributed applications require integrating security policies of collaborating parties; the policies must be able to support complex authorization specifications, and conflicts of policies must be able to be detected. In this paper, we introduce a policy for fine-grained access control which is able to support the specifications with sufficient policy constraints, and then we present a methodology based on semantics to detect whether there are policy conflicts and then produce the XACML policy document.

