Authors: Hee Suk Seo, Tae Kyung Kim

Abstract:

As network components grow larger and more diverse, and as securing them on a host-by-host basis grow more difficult, more sites are turning to a network security model. We concentrate on controlling network access to various hosts and the services they offer, rather than on securing them one by one with a network security model. We present how the policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base) are inducted, and how to be used in PBN. In the network security environment, each simulation model is hierarchically designed by DEVS (Discrete EVent system Specification) formalism.

Keywords: SVDB, PBN, DEVS, Network security.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1333284

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1526

References:

[1] C. M. King, C. E. Dalton, T. E. Osmanoglu, Security Architecture, RSA press, 2001.
[2] B. P. Zeigler, H. Praehofer and T.G. Kim, Theory of Modeling and Simulation, Academic Press, 2000.
[3] Seo, Hee Suk and Cho, Tae Ho, "An application of blackboard architecture for the coordination among the security systems," Simulation Modelling Practice and Theory, Elsevier Science B.V., Vol. 11, Issues 3-4, pp. 269-284, Jul. 2003.
[4] R. Bace, Intrusion Detection, Macmillan Technical Publishing, 2000.
[5] F. Cohen, "Simulating Cyber Attacks, Defences, and Consequences," Computer & Security, Vol.18, pp. 479-518, 1999.
[6] Dinesh C. Verna. Policy-Based Networking: Architecture and Algorithm, New Rider, 2001.
[7] Dave Kosiur. Understanding Policy-Based Networking, John Wiley & Sons, Inc. 2001.
[8] B. Moore, et al., "Policy Core Information Model-Version 1 Specification," IETF RFC 3060, Feb 2000.
[9] E. D. Zwicky, S. Cooper and D. B. Chapman, Building Internet Firewalls second edition, O'reilly & Associates, 2000.