• DocumentCode
    3371940
  • Title

    Security Policy Pre-evaluation towards Risk Analysis

  • Author

    Han, Yi ; Hori, Yoshiaki ; Sakurai, Kouichi

  • Author_Institution
    Grad. Sch. of Inf. Sci. & Electr. Eng., Kyushu Univ., Fukuoka
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    415
  • Lastpage
    420
  • Abstract
    Nowadays, security policy evaluation becomes a very hot topic since high QoP(quality of protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn´t be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.
  • Keywords
    risk analysis; security of data; quality of protection; risk analysis; security policy enforcement; security policy preevaluation; Computer crime; Computer networks; Computer security; Concrete; Information science; Information security; Privacy; Proposals; Protection; Risk analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.114
  • Filename
    4511603
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3371940