Abstract | ||
---|---|---|
The use of formal models to guide security design is appealing. This paper presents a model driven approach whereby security systems in operation can be assessed and measured against various requirements that are defined when the system is created. By aligning with organisational policy, and business requirements of a specific system, design and operation can proceed in a way that allows measurement of how successfully security objectives are being achieved. This paper describes a model driven approach which overcomes the contextual restrictions of existing solutions. In particular, where models have been used previously these have tended to be predefined and closed models, whereas the approach described here is an extensible model that comprises all parts of the security monitoring and decision support process. By means of interlinked semantic concepts, the proposed security strategy meta model provides a way to model security directives at an abstract level, which can be automatically compiled into specific rules for an underlying framework of monitoring, decision support, and enforcement engines. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1145/2422498.2422500 | MDsec |
Keywords | Field | DocType |
decision support,management system,security strategy measurement,model security directive,extensible model,security design,proposed security strategy meta,security system,security monitoring,security objective,closed model,formal model,security information and event management | Security convergence,Security testing,Security through obscurity,Software engineering,Security engineering,Computer security,Security service,Cloud computing security,Security information and event management,Engineering,Computer security model | Conference |
Citations | PageRank | References |
2 | 0.38 | 10 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Roland Rieke | 1 | 86 | 13.82 |
Julian Schütte | 2 | 58 | 14.61 |
Andrew Hutchison | 3 | 2 | 0.38 |