Computer network defenses are actions through the use of computer networks to
protect, monitor, analyze, detect and respond to unauthorized activities within
Department of Defense information systems and computer networks [8].
It remains unclear how policy refinement methods can be extended to the computer
network defense field so that they support the refinement of defense policies covering
protection, detection, response, and recovery. To address this problem, we propose a
computer network defense policy refinement method. A formal model of policy
refinement is provided. The model supports the refinement of four types of defense
policy: protection, detection, response, and recovery policies. Finally, we design a
defense policy refinement algorithm, and the effectiveness of the proposed method is
verified through two experiments.
The rest of this paper is organized as follows. Section 2 reviews related work on
policy refinement. The CND policy refinement model and its formal specification are
given in Section 3. A CND policy refinement algorithm is designed in Section 4.
Section 5 presents the experimental analysis and verification of CND policy refinement.
Finally, Section 6 concludes the paper.
2 Related Works
Automatic policy refinement methods simplify security service management in
complex network environments. Previous researchers have proposed various policy
refinement methods for network security management. These methods are summarized
as follows:
Reference [9] proposed a policy refinement method that derives the sequence of actions
needed to achieve a high-level goal, based on the event calculus and abductive reasoning.
Reference [10] proposed a policy refinement method based on the MBM model.
Reference [11] proposed a model-based security policy refinement method for
collaborative virtual organizations. Its model-to-model transformation technique
transforms an XACML-based VO policy down to the resource level. Reference [12]
presents a security policy refinement framework for the network environment. The
framework is a three-level model: the top level, an RBAC model, expresses security
goals; the middle level, a network security tactics model, expresses constraints on data
flows; the bottom level is an abstract view oriented towards the technical capabilities
available. Finally, the model is implemented within the CIM/WBEM framework.
Reference [13] proposed a policy refinement method based on Event-B, in which a policy
has four levels: user-service level, process-terminal service level, host-port level, and
interface-port level. Reference [14] extended the OrBAC model and proposed a policy
refinement method that transforms a high-level security policy into low-level security
mechanisms. An example is provided to verify the effectiveness of the method.
In conclusion, most existing policy refinement methods [12-14] support only the
refinement of access control policies, not defense policies such as protection and
detection policies. Reference [9] supports policy refinement for network management,
but it does not support defense policy refinement from the perspective of computer
network defense.
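To make the distinction concrete, the following is an added illustration (not code from the paper, and not the paper's refinement algorithm) of what refining the four CND policy types looks like: a high-level policy phrased over abstract zones, assets and services is mapped, through an assumed topology model, onto a mechanism-level rule for a firewall, an IDS or a backup system. The topology, the policy-type-to-mechanism mapping, and the sample policies are all constructed for this example.

```python
"""Added illustration of CND policy refinement (not the paper's model or algorithm).

A high-level policy names a source zone, an abstract asset and an abstract service.
Refinement resolves those names through a topology model (an assumption here) and
emits a rule for the mechanism that enforces that policy type.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed topology: abstract names -> concrete addresses/ports (assumption).
TOPOLOGY: Dict[str, Dict[str, object]] = {
    "assets": {"web-server": "10.0.1.10", "db-server": "10.0.2.20"},
    "services": {"http": ("tcp", 80), "mysql": ("tcp", 3306)},
    "zones": {"internet": "0.0.0.0/0", "dmz": "10.0.1.0/24", "internal": "10.0.2.0/24"},
}

# Assumed mapping from the four CND policy types to an enforcing mechanism.
MECHANISM = {
    "protection": "firewall",
    "detection": "ids",
    "response": "firewall",
    "recovery": "backup",
}

# Verdicts whose disagreement on the same 5-tuple is a refinement conflict.
VERDICTS = {"allow", "deny"}


@dataclass(frozen=True)
class HighLevelPolicy:
    kind: str     # protection | detection | response | recovery
    source: str   # abstract zone name
    asset: str    # abstract asset name
    service: str  # abstract service name
    action: str   # allow/deny (protection), alert (detection), isolate (response), restore (recovery)


@dataclass(frozen=True)
class LowLevelRule:
    mechanism: str
    src: str
    dst: str
    proto: str
    port: int
    action: str

    def render(self) -> str:
        return f"{self.mechanism}: {self.src} -> {self.dst} {self.proto}/{self.port} {self.action}"


def refine(policy: HighLevelPolicy, topology=TOPOLOGY) -> LowLevelRule:
    """Refine one high-level policy into one mechanism-level rule.

    Unknown zone/asset/service names raise KeyError so that refinement fails closed
    instead of emitting a rule for something outside the model.
    """
    if policy.kind not in MECHANISM:
        raise ValueError(f"unknown policy type {policy.kind!r}")
    src = topology["zones"][policy.source]
    dst = topology["assets"][policy.asset]
    proto, port = topology["services"][policy.service]
    return LowLevelRule(MECHANISM[policy.kind], src, dst, proto, port, policy.action)


def find_conflicts(rules: List[LowLevelRule]) -> List[Tuple[LowLevelRule, LowLevelRule]]:
    """Report firewall rules that give opposite verdicts for the same traffic tuple."""
    first: Dict[tuple, LowLevelRule] = {}
    conflicts = []
    for rule in rules:
        if rule.mechanism != "firewall" or rule.action not in VERDICTS:
            continue
        key = (rule.src, rule.dst, rule.proto, rule.port)
        prev = first.setdefault(key, rule)
        if prev.action != rule.action:
            conflicts.append((prev, rule))
    return conflicts


def refine_all(policies: List[HighLevelPolicy], topology=TOPOLOGY) -> List[LowLevelRule]:
    """Refine a policy set and refuse to emit a rule set that contradicts itself."""
    rules = [refine(p, topology) for p in policies]
    conflicts = find_conflicts(rules)
    if conflicts:
        raise ValueError("conflicting refined rules: " +
                         "; ".join(f"{a.render()} vs {b.render()}" for a, b in conflicts))
    return rules


# Constructed sample policy set covering the four CND policy types.
SAMPLE_POLICIES = [
    HighLevelPolicy("protection", "internet", "web-server", "http", "allow"),
    HighLevelPolicy("protection", "internet", "db-server", "mysql", "deny"),
    HighLevelPolicy("detection", "internet", "web-server", "http", "alert"),
    HighLevelPolicy("response", "internal", "db-server", "mysql", "isolate"),
    HighLevelPolicy("recovery", "internal", "db-server", "mysql", "restore"),
]

if __name__ == "__main__":
    for rule in refine_all(SAMPLE_POLICIES):
        print(rule.render())
```

The conflict check is the part an access-control-only refiner would not need: once protection and response policies are both refined onto the same firewall, two high-level policies can silently produce contradictory rules for one traffic tuple, and the refinement step is the place to catch that.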
Building on existing policy refinement methods and the characteristics of computer
network defense, we propose a computer network defense policy refinement method.
A formal policy refinement model is provided. Compared with other policy