Publication


Featured research published by William M. Fitzgerald.


Journal of Computer Security | 2011

Management of security policy configuration using a Semantic Threat Graph approach

Simon N. Foley; William M. Fitzgerald

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.


Computer Standards & Interfaces | 2011

Aligning Semantic Web applications with network access controls

William M. Fitzgerald; Simon N. Foley

Access controls for Semantic Web applications are commonly considered at the level of the application-domain and do not necessarily consider the security controls of the underlying infrastructure to any great extent. Low-level network access controls such as firewalls and proxies are considered part of providing a generic network infrastructure that hosts a variety of Semantic Web applications and is independent of the application-level access control services. For example, it is unusual to include firewall policy rules in an application policy that constrain the kinds of application information different principals may access. As a consequence, an improperly configured infrastructure may unintentionally hinder the normal operation of a Semantic Web application. Simply opening a firewall for HTTP and HTTPS services does not necessarily result in a proper configuration. Taking an ontology-based approach, this paper considers how a firewall configuration should be analyzed with respect to the Semantic Web application(s) that it hosts.


Proceedings of the 3rd ACM workshop on Assurable and usable security configuration | 2010

Management of heterogeneous security access control configuration using an ontology engineering approach

William M. Fitzgerald; Simon N. Foley

Management of heterogeneous enterprise security mechanisms is complex and requires a security administrator to have deep knowledge of each security mechanism's configuration. Effective configuration may be hampered by poor understanding and/or management of the enterprise security policy which, in turn, may unnecessarily expose the enterprise to known threats. This paper argues that knowledge about detailed security configuration, enterprise-level security requirements including best practice recommendations and their relationships can be modelled, queried and reasoned over within an ontology-based framework. A threat-based approach is taken to structure this knowledge. The management of XMPP application-level and firewall-level access control configuration is investigated.


Workshop on Information Security Applications | 2013

MASON: Mobile autonomic security for network access controls

William M. Fitzgerald; Ultan Neville; Simon N. Foley

Smartphones are on par with modern desktop environments in terms of operating system and hardware functionality. As a consequence, threats to desktop environments are also applicable to smartphones in addition to traditional threats to mobile phones. End-user management of security configurations that mitigate smartphone threats is complex and error-prone. As a consequence, misconfiguration of a security configuration may unnecessarily expose a smartphone to known threats. In this paper, a threat-based model for smartphone security configuration is presented. To evaluate the approach, a prototype Android security app, MASON, is developed to automatically manage firewall configurations on behalf of the end-user. A case study based on firewall access control demonstrates how automated firewall configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards such as NIST 800-124, a guideline on cell phone and PDA security and NIST 800-41-rev1, a guideline on firewall security configuration.


Conference on Risks and Security of Internet and Systems | 2012

Anomaly analysis for Physical Access Control security configuration

William M. Fitzgerald; Fatih Turkmen; Simon N. Foley; Barry O'Sullivan

Physical Access Controls, such as supervised doors, surveillance cameras and alarms, act as important points of demarcation between physical zones (areas/rooms) of different levels of trust. They do so by controlling personnel flow to and from areas in accordance with the enterprise security policy. A significant challenge in providing physical access control for (restricted) areas is attaining a degree of confidence that a Physical Access Control security configuration adequately addresses the threats. A misconfiguration may result in a threat of unapproved personnel access or the denial of approved personnel access to a restricted zone. In practice, Physical Access Control security configurations typically span multiple zones, involve many users and run to many thousands of access-control rules, and such complexity may increase the likelihood of misconfiguration. In this paper, a formal model for Physical Access Control security configurations is presented. This model, implemented in SAT, captures a number of unique anomalies specific to the Physical Access Control domain. A preliminary set of experiments that evaluate our approach is presented.


Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII | 2009

An Approach to Security Policy Configuration Using Semantic Threat Graphs

Simon N. Foley; William M. Fitzgerald

Managing the configuration of heterogeneous enterprise security mechanisms is a wholly complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study on Network Access Controls demonstrates how threats can be analyzed and how automated configuration recommendations can be made based on catalogues of best-practice countermeasures.


Communications and Networking Symposium | 2013

Avoiding inconsistencies in the Security Content Automation Protocol

William M. Fitzgerald; Simon N. Foley

The Security Content Automation Protocol (SCAP) provides a standardized approach to specifying system configuration, vulnerability, patch and compliance management. SCAP comprises a family of existing standards, such as the Open Source Vulnerability Language (OVAL) and the Common Platform Enumeration (CPE). Defining new or extending existing SCAP content is non-trivial and potentially error-prone. For example, specifying a vulnerability in OVAL may appear straightforward; however, the challenge is to specify the vulnerability in such a way that it is consistent with respect to, not just other OVAL data, but also data described under any other standards in SCAP. This paper identifies a number of consistency problems that can occur in SCAP specifications and these are illustrated using examples from existing OVAL, CPE, CVE and CCE repositories. It is argued that an ontology-based approach can be used as a means of providing a uniform vocabulary for specifying SCAP data and its relationships. A SCAP ontology is developed based on Semantic Threat Graphs and it is argued that its use can help to ensure consistency across large-scale SCAP repositories.


International Conference on Data Engineering | 2008

Semantic Web and firewall alignment

Simon N. Foley; William M. Fitzgerald

Secure Semantic Web applications, particularly those involving access control, are typically focused at the application-domain only, rather than taking a more holistic approach to also include the underlying infrastructure (for example, firewalls). As a result, infrastructure configurations may unintentionally hinder and prohibit the normal operation of the Semantic Web. This paper discusses an approach involving Description Logic and the Semantic Web Rule Language to provide synergy and alignment between firewall configurations and semantic-aware application configurations.


IEEE Communications Magazine | 2014

Consumer-managed federated homes

Rob Brennan; Zohar Etizoni; Kevin Feeney; Declan O'Sullivan; William M. Fitzgerald; Simon N. Foley

There are emerging opportunities for distributed, composite services, based on the combination of smart homes, networked consumer devices, third-party services, and social, geographical or commercial collaborations. However, current home automation technology tends to focus on the single-home solution, rather than enabling home users to securely share and easily manage the resources and services of their home area network. This article describes a new federated home architecture that addresses these needs, reports on prototyping to date, and provides an overview of several important technologies for the next generation of federated homes. Our vision is to support a future of user-centric device and service sharing from home to home across the Internet, in a way that does not rely on centralized authority but supports a web of secure, peer-wise trusted relationships between consumers.


IP Operations and Management | 2006

Principles of secure network configuration: towards a formal basis for self-configuration

Simon N. Foley; William M. Fitzgerald; Stefano Bistarelli; Barry O'Sullivan; Mícheál Ó Foghlú

The challenge for autonomic network management is the provision of future network management systems that have the characteristics of self-management, self-configuration, self-protection and self-healing, in accordance with the high level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand fundamental underlying issues in self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are securely configured are connected together (in an apparently secure manner), a configuration cascade can occur resulting in a mis-configured network. This has implications for the design of self-configuring systems and we discuss how a soft constraint-based framework can provide a solution.

Collaboration


Top Co-Authors

James Clarke

Waterford Institute of Technology

Mícheál Ó Foghlú

Waterford Institute of Technology

Georgios V. Lioudakis

National Technical University of Athens

Keith Howker

Waterford Institute of Technology

Tarik Hadzic

University College Cork