Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2005
IEEE
2005
IEEE
Generating Policies for Defense in Depth
Coordinating multiple overlapping defense mechat differing levels of abstraction, is fraught with the potential for misconfiguration, so there is strong motivation to generate policies for those mechanisms from a single specification in order to avoid that risk. This paper presents our experience and the lessons learned as we developed, validated and coordinated network communication security policies for a defensein-depth enabled system that withstood sustained red team attack. Network communication was mediated by host-based firewalls, process domain mechanisms and application-level security policies enforced by the Java Virtual Machine. We coordinated the policies across the layers using a variety of tools, but we discovered that, at least for defense-in-depth enabled systems, constructing a single specification from which to derive all policies is probably neither practical nor even desirable.
Real-time TrafficRelated Content
| Added | 24 Jun 2010 |
| Updated | 24 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ACSAC |
| Authors | Paul Rubel, Michael Ihde, Steven Harp, Charles Payne |
Comments (0)
Researcher Info
|
