Automatic conformance checks of security policies is becoming a key issue in large ICT infrastructures that are more and more prone to cyber-attacks, in particular when wireless communication technologies and media are extensively adopted. This paper presents a hierarchical class-based model for the description of a system and its security requirements, that can be profitably used by a computer-aided analysis tool designed to carry out several kinds of policy verification. Our experience, gained in analyzing real systems, confirms that the structure and flexibility of the system description model are critical issues, together with the collection of real data needed to populate the model itself. The proposed solution is able to tolerate and overcome many of the practical limitations that are met when dealing with large and heterogeneous scenarios.

A Unified Class Model for Checking Security Policies in ICT Infrastructures / CIBRARIO BERTOLOTTI, Ivan; Durante, Luca; Hu, Tingting; Valenzano, Adriano. - STAMPA. - (2012), pp. 1-6. (Intervento presentato al convegno International IEEE–AESS Conference in Europe about Space and Satellite Telecommunications) [10.1109/ESTEL.2012.6400068].

A Unified Class Model for Checking Security Policies in ICT Infrastructures

CIBRARIO BERTOLOTTI, IVAN;DURANTE, LUCA;HU, TINGTING;VALENZANO, ADRIANO
2012

Abstract

Automatic conformance checks of security policies is becoming a key issue in large ICT infrastructures that are more and more prone to cyber-attacks, in particular when wireless communication technologies and media are extensively adopted. This paper presents a hierarchical class-based model for the description of a system and its security requirements, that can be profitably used by a computer-aided analysis tool designed to carry out several kinds of policy verification. Our experience, gained in analyzing real systems, confirms that the structure and flexibility of the system description model are critical issues, together with the collection of real data needed to populate the model itself. The proposed solution is able to tolerate and overcome many of the practical limitations that are met when dealing with large and heterogeneous scenarios.
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2503327
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo