MDC-Checker: A novel network risk assessment framework for multiple domain configurations. Issue 86 (September 2019)
- Record Type:
- Journal Article
- Title:
- MDC-Checker: A novel network risk assessment framework for multiple domain configurations. Issue 86 (September 2019)
- Main Title:
- MDC-Checker: A novel network risk assessment framework for multiple domain configurations
- Authors:
- Bai, Wei
Pan, Zhisong
Guo, Shize
Chen, Zhe
Xia, Shiming - Abstract:
- Abstract: It is a challenging task to generate correct network configurations to minimize the attack surface while meeting practical requirements, especially when the interdependent relationships between configurations scattered across physical, network and information domain are taken into consideration. As configurations in different domains are commonly generated separately while their complex inter-relationships are ignored, extra vulnerabilities would be introduced. This paper proposes a novel risk assessment framework named MDC-Checker to help network administrators to assess the risk involved. Firstly, the framework extracts the semantics from multiple domain configurations and network documents. Then, the Multiple Domain Semantics Graph (MDSG) and the Privilege Dependency Graph (PDG) are established in sequence to reason user actual privileges from their initial privileges. Finally, the differences between user deserved privileges and user actual privileges are used to measure the impact of multiple domain configurations on network security. A simulated network scenario with different sets of configurations is employed to validate the effectiveness and scalability of our framework and approach. The experimental results show that the framework captures the influences of multiple domain configurations on network security successfully and the approach is scalable to different sizes of the network.
- Is Part Of:
- Computers & security. Issue 86(2019)
- Journal:
- Computers & security
- Issue:
- Issue 86(2019)
- Issue Display:
- Volume 86, Issue 86 (2019)
- Year:
- 2019
- Volume:
- 86
- Issue:
- 86
- Issue Sort Value:
- 2019-0086-0086-0000
- Page Start:
- 388
- Page End:
- 401
- Publication Date:
- 2019-09
- Subjects:
- Network security -- Risk assessment -- User privilege -- Network configurations
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2019.06.016 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 16503.xml