In this contributed volume, leading international researchers explore configuration modeling and checking, vulnerability and risk assessment, configuration analysis, and diagnostics and discovery. The authors equip readers to understand automated security management systems and techniques that increase overall network assurability and usability. These constantly changing networks defend against cyber attacks by integrating hundreds of security devices such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers, and crypto systems. Automated Security Management presents a number of topics in the area of configuration automation. Early in the book, the chapter authors introduce modeling and validation of configurations based on high-level requirements and discuss how to manage the security risk as a result of configuration settings of network systems. Later chapters delve into the concept of configuration analysis and why it is important in ensuring the security and functionality of a properly configured system. The book concludes with ways to identify problems when things go wrong and more. A wide range of theoretical and practical content make this volume valuable for researchers and professionals who work with network systems.
表中的内容
1: Towards a Unified Modeling and Verification of Network and System Security Configurations.- 2: Modeling and Checking the Security of DIFC System Configurations.- 3: Increasing Android Security using a Lightweight OVAL-based Vulnerability Assessment Framework.- 4: A Declarative Logic-based Approach for Threat Analysis of Advanced Metering Infrastructure.- 5: Risk based Access Control using Classification.- 6: GCNav – Generic Configuration Navigation System.- 7: The Right Files at the Right Time.- 8: Rule Configuration Checking in Secure Cooperative Data Access.- 9: Programmable Diagnostic Network Measurement with Localization and Traffic Observation.- 10: Discovery of Unexpected Services and Communication Paths in Networked Systems.- 11: Tracing Advances Persistent Threats in Networked Systems.