Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis

Patzer, Florian; Beyerer, Jürgen


Assessing countermeasures and the sufficiency of security-relevant configurations within networked system architectures is a very complex task. Even the configuration of single network access control (NAC) instances can be too complex to analyse manually. Therefore, model-based approaches have manifested themselves as a solution for computer-aided configuration analysis. Unfortunately, current approaches suffer from various issues like coping with configuration-language heterogeneity or the analysis of multiple NAC instances as one overall system configuration, which is the case for the majority of analysis goals. In this paper, we show how deriving and modelling NAC configurations’ effects solves the majority of these issues by allowing generic and simplified security analysis and model extension. The paper further presents the underlying modelling strategy to create such configuration effect representations (hereafter referred to as effective configuration) and explains how analyses based on previous approaches can still be performed. Moreover, the linking between rule representations and effective configuration is demonstrated, which enables the tracing of issues, found in the effective configuration, back to specific rules.

DOI: 10.5445/IR/1000139429
Published on 27.10.2021
DOI: 10.5220/0010285305500557
Affiliated institution(s) at KIT Fakultät für Informatik (INFORMATIK)
Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB)
Publication type Proceedings contribution
Publication year 2021
Language English
Identifier ISBN: 978-989-758-491-6
ISSN: 2184-4356
KITopen-ID: 1000139429
HGF program 46.23.04 (POF IV, LK 01) Engineering Security for Production Systems
Published in Proceedings of the 7th International Conference on Information Systems Security and Privacy. Eds.: Paolo Mori, Gabriele Lenzini, Steven Furnell
Event 7th International Conference on Information Systems Security and Privacy (ICISSP 2021), Online, 11.02.2021 – 13.02.2021
Publisher SciTePress
Pages 550–557
Series ICISSP ; 1
Keywords Network Access Control; Ontology-based Security Analysis; Security Analysis; Security Ontology
