TY - GEN
T1 - Towards automatic creation of usable security configuration
AU - Zhang, Bin
AU - Al-Shaer, Ehab
PY - 2010
Y1 - 2010
N2 - The objective of this work is to create usable security architecture that will minimize network risk while considering usability and budget. We propose and formulate a novel framework for automatic creation of network security architecture including configuration rules and device placements in order to minimize risk while satisfying the business requirements, service usability and budget constraints. Our framework also automates the creation of external and internal Demilitarized Zones (DMZ) to improve security by increasing isolation. We formalize this as an optimization problem and show that it is NP-hard. We then provide heuristic approximation algorithms. The implemented systems, called SecBuilder, were evaluated under different network sizes, topologies and security requirements. Our evaluation study shows that the results obtained by SecBuilder are close to the theoretical lower bound and the performance is scalable with the network size.
UR - https://www.scopus.com/pages/publications/77953297888
U2 - 10.1109/INFCOM.2010.5462215
DO - 10.1109/INFCOM.2010.5462215
M3 - Conference contribution
AN - SCOPUS:77953297888
SN - 9781424458363
T3 - Proceedings - IEEE INFOCOM
BT - 2010 Proceedings IEEE INFOCOM
T2 - IEEE INFOCOM 2010
Y2 - 14 March 2010 through 19 March 2010
ER -