{"title":"使用事务的网络策略执行:NEUTRON方法","authors":"D. Thomsen, E. Bertino","doi":"10.1145/3205977.3206000","DOIUrl":null,"url":null,"abstract":"We propose a tool to capture applications requirements with respect to the enforcement of network security policies in an object-oriented design language. Once a design captures clear, concise, easily understood network requirements new technologies become possible, including network transactions and user-driven policies to remove rarely used network permissions until needed, creating a least privilege in time policy. Existing security enforcement policies represent a model of all allowable behavior. Only modeling allowable behavior requires that any entity that may need a permission, be granted it permanently. Refining the modeling to distinguish between common behavior and rare behavior will increase security. The increased security comes with costs, such as requiring users to strongly authenticate more often. This paper discusses those costs and the complexity of increasing security enforcement models.","PeriodicalId":423087,"journal":{"name":"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies","volume":"106 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Network Policy Enforcement Using Transactions: The NEUTRON Approach\",\"authors\":\"D. Thomsen, E. Bertino\",\"doi\":\"10.1145/3205977.3206000\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose a tool to capture applications requirements with respect to the enforcement of network security policies in an object-oriented design language. Once a design captures clear, concise, easily understood network requirements new technologies become possible, including network transactions and user-driven policies to remove rarely used network permissions until needed, creating a least privilege in time policy. Existing security enforcement policies represent a model of all allowable behavior. Only modeling allowable behavior requires that any entity that may need a permission, be granted it permanently. Refining the modeling to distinguish between common behavior and rare behavior will increase security. The increased security comes with costs, such as requiring users to strongly authenticate more often. This paper discusses those costs and the complexity of increasing security enforcement models.\",\"PeriodicalId\":423087,\"journal\":{\"name\":\"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies\",\"volume\":\"106 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-06-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3205977.3206000\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 23nd ACM on Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3205977.3206000","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network Policy Enforcement Using Transactions: The NEUTRON Approach
We propose a tool to capture applications requirements with respect to the enforcement of network security policies in an object-oriented design language. Once a design captures clear, concise, easily understood network requirements new technologies become possible, including network transactions and user-driven policies to remove rarely used network permissions until needed, creating a least privilege in time policy. Existing security enforcement policies represent a model of all allowable behavior. Only modeling allowable behavior requires that any entity that may need a permission, be granted it permanently. Refining the modeling to distinguish between common behavior and rare behavior will increase security. The increased security comes with costs, such as requiring users to strongly authenticate more often. This paper discusses those costs and the complexity of increasing security enforcement models.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
