Article: "Extensible policy framework for heterogeneous network environments" Journal: Int. J. of Information and Computer Security, 2013 Vol.5 No.4 pp.251 - 274 Abstract: Security policy management is critical to meet organisational needs and reduce potential risks because almost every organisation depends on computer networks and the internet for their daily operations. It is therefore important to specify and enforce security policies effectively. However, as organisations grow, so do their networks - this increases the difficulty of deploying a security policy, especially across heterogeneous systems. In this paper, we introduce a policy framework called Chameleos-x which is designed to enforce security policies consistently across security-aware systems with network services - primarily operating systems, firewalls, and intrusion detection systems. Throughout this paper, we focus on the design and architecture of Chameleos-x and demonstrate how our policy framework helps organisations implement security policies in changing, diversity-rich environments. We also describe our ongoing work in the experimentation of Chameleos-x, where we have obtained promising results. - Inderscience Publishers - linking academia, business and industry through research

Int. J. of Information and Computer Security » 2013 Vol.5, No.4

Title: Extensible policy framework for heterogeneous network environments

Authors: Lawrence Teo; Gail-Joon Ahn

Addresses:
UNC Charlotte, 9201 University City Blvd., Charlotte, NC 28223, USA
Lab. of Security Engineering for Future Computing (SEFCOM), Arizona State University, 699 South Mill Ave., Tempe, AZ 85281, USA

Abstract: Security policy management is critical to meet organisational needs and reduce potential risks because almost every organisation depends on computer networks and the internet for their daily operations. It is therefore important to specify and enforce security policies effectively. However, as organisations grow, so do their networks - this increases the difficulty of deploying a security policy, especially across heterogeneous systems. In this paper, we introduce a policy framework called Chameleos-x which is designed to enforce security policies consistently across security-aware systems with network services - primarily operating systems, firewalls, and intrusion detection systems. Throughout this paper, we focus on the design and architecture of Chameleos-x and demonstrate how our policy framework helps organisations implement security policies in changing, diversity-rich environments. We also describe our ongoing work in the experimentation of Chameleos-x, where we have obtained promising results.

Keywords: access control; grid systems; assured sharing; security policy; security management; heterogeneous networks; grid computing; operating systems; firewalls; intrusion detection systems.

DOI: 10.1504/IJICS.2013.058210

Int. J. of Information and Computer Security, 2013 Vol.5, No.4, pp.251 - 274

Available online: 10 Dec 2013