Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis

Florian Patzer, Jürgen Beyerer

Abstract

Assessing countermeasures and the sufficiency of security-relevant configurations within networked system architectures is a very complex task. Even the configuration of single network access control (NAC) instances can be too complex to analyse manually. Therefore, model-based approaches have manifested themselves as a solution for computer-aided configuration analysis. Unfortunately, current approaches suffer from various issues like coping with configuration-language heterogeneity or the analysis of multiple NAC instances as one overall system configuration, which is the case for the maturity of analysis goals. In this paper, we show how deriving and modelling NAC configurations’ effects solves the majority of these issues by allowing generic and simplified security analysis and model extension. The paper further presents the underlying modelling strategy to create such configuration effect representations (hereafter referred to as effective configuration) and explains how analyses based on previous approaches can still be performed. Moreover, the linking between rule representations and effective configuration is demonstrated, which enables the tracing of issues, found in the effective configuration, back to specific rules.

Download


Paper Citation


in Harvard Style

Patzer F. and Beyerer J. (2021). Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 550-557. DOI: 10.5220/0010285305500557


in Bibtex Style

@conference{icissp21,
author={Florian Patzer and Jürgen Beyerer},
title={Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={550-557},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010285305500557},
isbn={978-989-758-491-6},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis
SN - 978-989-758-491-6
AU - Patzer F.
AU - Beyerer J.
PY - 2021
SP - 550
EP - 557
DO - 10.5220/0010285305500557