Integrating Advanced Security Certification and Policy Management

Cited by: 1
Authors
Bezzi, Michele [2]
Damiani, Ernesto [3]
Paraboschi, Stefano [1]
Plate, Henrik [2]
Affiliations
[1] Univ Bergamo, Via Marconi 5, I-24044 Dalmine, Italy
[2] SAP Global Res & Business Incubat, F-06250 Mougins, France
[3] Univ Milan, I-26013 Crema, Italy
Source
CYBER SECURITY AND PRIVACY | 2013 / Vol. 182
Keywords
Service assurance; Security certification; Security policy management;
DOI
10.1007/978-3-642-41205-9_5
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Recent models of software provisioning based on cloud architectures co-exist and interact with in-premises large and heterogeneous software ecosystems. In this increasingly complex landscape, organizations and users are striving to deal with assurance in all phases of the software life cycle: acquisition, installation, use and maintenance. In this paper, we start by describing the notion of machine-readable security certificates, and discuss how they can be used for assurance-based software selection. Then, we introduce some models and tools for administrators for the automatic management of security policies, which include policy conflict detection. Finally, we discuss how these two approaches can be integrated for supporting organizations to (semi-)automatically address the security requirements throughout the entire software life cycle.
Pages: 55 - 66
Number of pages: 12