Title :
Security Policy Pre-evaluation towards Risk Analysis
Author :
Han, Yi ; Hori, Yoshiaki ; Sakurai, Kouichi
Author_Institution :
Grad. Sch. of Inf. Sci. & Electr. Eng., Kyushu Univ., Fukuoka
Abstract :
Nowadays, security policy evaluation becomes a very hot topic since high QoP(quality of protection) is required by more and more people. Most of the researchers focus on the security policy evaluation after they have been enforced into real application systems via some real attacks. However, before security policy enforcement, the policy themselves may also contain some anomalies which shouldn´t be ignored. In this paper, we pointed out the importance of security policy pre-evaluation which focuses on security policy evaluation before policy enforcement. In addition we propose a framework for it towards risk analysis. As a concrete example, we show how to apply our framework to firewall security policies. Finally we discuss about the difficulty of our proposal and show future work interests.
Keywords :
risk analysis; security of data; quality of protection; risk analysis; security policy enforcement; security policy preevaluation; Computer crime; Computer networks; Computer security; Concrete; Information science; Information security; Privacy; Proposals; Protection; Risk analysis;
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
DOI :
10.1109/ISA.2008.114
