The development of applications built on multi-party communication has created the need for policy management. Security policies are used to bridge the gap between static implementations and user requirements. A security policy defines the security-relevant behaviors, access control parameters, and security mechanisms used to implement the group. A policy specification language defines both how a policy is represented and the rules with which the representation is interpreted. This paper describes the design space of security policy, and presents the Group Security Policy Markup Language (GSPML) specification based on XML. GSPML, which is oriented to both people and computers, will be flexible and expressive enough to support different security requirements.
The integrated linkage control problem based on attack detection is solved with the analyses of the security model including firewall, intrusion detection system (IDS) and vulnerability scan by game theory. The Nash equilibrium for two portfolios of only deploying IDS and vulnerability scan and deploying all the technologies is investigated by backward induction. The results show that when the detection rates of IDS and vulnerability scan are low, the firm will not only inspect every user who raises an alarm, but also a fraction of users that do not raise an alarm; when the detection rates of IDS and vulnerability scan are sufficiently high, the firm will not inspect any user who does not raise an alarm, but only inspect a fraction of users that raise an alarm. Adding firewall into the information system impacts on the benefits of firms and hackers, but does not change the optimal strategies of hackers, and the optimal investigation strategies of IDS are only changed in certain cases. Moreover, the interactions between IDS & vulnerability scan and firewall & IDS are discussed in detail.
Funding: The National Natural Science Foundation of China (No. 71071033); the Innovation Project of Jiangsu Postgraduate Education (No. CX10B_058Z)