Firewall Wizards mailing list archives
Re: Intrusion Detection and Security Policy
From: Damir Rajnovic <Damir.Rajnovic () eurocert net>
Date: Mon, 20 Apr 1998 11:48:58 +0100
At 11:22 -0400 16/4/98, Bill_Royds () pch gc ca wrote:
One problem that needs to be addressed is a "Security Policy Language" which would be a formal notation for writing security policies that would be both explainable to managers and executives and verifiable in a formal sense. There has been work done on this in programming language verification (Euclid and stuff from late 70's) but it ended up being too "mathematical" for real world use. The tradeoff between ease of use and completeness has always been one of the design problems in all computer software. It is a hard problem as any firewall maker can tell you. If you make a nice friendly GUI to sell the product, it becomes an obstacle to actually using the product in daily business.
See also a paper "Specifying a Security Policy: A Case Study" by Frédéric Cuppens and Claire Saurel, ONERA-CERT, France (sorry, forget the URL, but it should be somewhere on their site).

This is taken from the Abstract:

The objective of this paper is to assist the security administrators, in their attempt to specify, define and formalize security policies suited to a given high risk environment. It is then possible for the administrators to automatically derive consequences of these policies. In particular, we want to provide users with the following functionalities:

- Query a given security policy.
- Verify that properties such as consistency and completeness are enforced by a given policy.
- Verify that a given situation does not violate the security policy.
- Investigate interoperability problems between several security policies.

Cheers,
Gaus

---------------------------------------------------------------
EuroCERT            tel: (+44 1235) 822 382
c/o UKERNA          fax: (+44 1235) 822 398
Atlas Centre
Chilton, Didcot
Oxfordshire OX11 0QS, UK
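The checks listed in the quoted abstract (query, consistency, completeness, situation verification), sketched as an added example that is not part of the original message or the cited paper. It assumes a simplified model in which a policy is a list of permit/forbid rules over (role, action, resource) triples with `*` wildcards; every name and the sample policy are constructed for illustration.

```python
from itertools import product

# Constructed sample domain and policy (assumptions, not from the paper).
ROLES = ("admin", "staff", "guest")
ACTIONS = ("read", "write")
RESOURCES = ("payroll", "web")

POLICY = [
    ("permit", "admin", "*", "*"),
    ("permit", "staff", "read", "*"),
    ("permit", "staff", "write", "web"),
    ("forbid", "staff", "*", "payroll"),   # overlaps with staff/read/*
    ("forbid", "guest", "write", "*"),     # guest/read is never decided
]


def matches(rule, request):
    """A rule field matches when it is '*' or equal to the request field."""
    return all(r in ("*", q) for r, q in zip(rule[1:], request))


def query(policy, request):
    """Return the set of effects ('permit'/'forbid') the policy derives."""
    return {rule[0] for rule in policy if matches(rule, request)}


def analyse(policy):
    """Enumerate the whole domain and report conflicts and gaps."""
    conflicts, gaps = [], []
    for request in product(ROLES, ACTIONS, RESOURCES):
        effects = query(policy, request)
        if effects == {"permit", "forbid"}:
            conflicts.append(request)   # inconsistency: both effects derived
        elif not effects:
            gaps.append(request)        # incompleteness: no effect derived
    return conflicts, gaps


def violations(policy, situation):
    """Observed accesses that the policy does not unambiguously permit."""
    return [req for req in situation if query(policy, req) != {"permit"}]


if __name__ == "__main__":
    conflicts, gaps = analyse(POLICY)
    print("inconsistent:", conflicts)
    print("undecided:", gaps)
```

Running `analyse` on the concatenation of two rule lists gives a crude version of the interoperability check the abstract mentions: any new conflict comes from the policies disagreeing with each other.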
Current thread:
- Intrusion Detection and Security Policy Bill_Royds (Apr 17)
- Re: Intrusion Detection and Security Policy Damir Rajnovic (Apr 20)
- <Possible follow-ups>
- RE: Intrusion Detection and Security Policy Russ (Apr 17)
- Re: Intrusion Detection and Security Policy David Collier-Brown (Apr 20)