Here you will find scientific publications from the Fraunhofer Institutes.

Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis

Patzer, Florian; Beyerer, Jürgen


Mori, P. ; Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
7th International Conference on Information Systems Security and Privacy, ICISSP 2021. Proceedings : February 11-13, 2021
Setúbal: SciTePress, 2021
ISBN: 978-989-758-491-6
International Conference on Information Systems Security and Privacy (ICISSP) <7, 2021, Online>
Conference Paper
Fraunhofer IOSB
Network Access Control; security analysis; Ontology-based Security Analysis; security ontology

Assessing countermeasures and the sufficiency of security-relevant configurations within networked system architectures is a very complex task. Even the configuration of single network access control (NAC) instances can be too complex to analyse manually. Therefore, model-based approaches have established themselves as a solution for computer-aided configuration analysis. Unfortunately, current approaches suffer from various issues, such as coping with configuration-language heterogeneity or analysing multiple NAC instances as one overall system configuration, which is the case for the majority of analysis goals. In this paper, we show how deriving and modelling NAC configurations' effects solves the majority of these issues by allowing generic and simplified security analysis and model extension. The paper further presents the underlying modelling strategy to create such configuration effect representations (hereafter referred to as effective configuration) and explains how analyses based on previous approaches can still be performed. Moreover, the linking between rule representations and effective configuration is demonstrated, which enables issues found in the effective configuration to be traced back to specific rules.