Change search
ReferencesLink to record
Permanent link

Direct link
Protecting Stateless Security Policies using One-Way Functions
Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
2001 (English)Report (Refereed)
Abstract [en]

This paper addresses the problem of protecting security-related information in security extensions, e.g. the detection policy in an Intrusion Detection System (IDS) or the filtering policy in a firewall. Knowledge of the security policy would potentially facilitate the penetration

of an intruder into the target system, the short-circuiting of a firewall or the circumvention of the IDSs detection mechanisms. To avoid this risk we suggest that the

policy be protected using one-way functions and the paper suggests a scheme for protecting stateless policies. A stateless policy is a policy that takes only the current event into consideration when decisions are made and not the preceding chain of events. Thus, the

process of comparing events towards the policy, i.e. making decisions, can be done in much the same way that passwords are hashed and compared in UNIX systems. However, one important distinction is that security policies contain a certain variability that must be

managed, and a method for this is discussed. Finally, we discuss an automated tool for compiling a policy into a protected policy.

Place, publisher, year, edition, pages
Technical Report 01-3, Department of Computer Engineering, Chalmers University of Technology, SE-412 96 Göteborg, Sweden, 2001
National Category
Computer Science
Research subject
Computer Science
URN: urn:nbn:se:kau:diva-22664OAI: diva2:596417
Available from: 2013-01-22 Created: 2013-01-22 Last updated: 2013-01-22

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Hedbom, Hans
By organisation
Department of Computer ScienceCentre for HumanIT
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

Total: 28 hits
ReferencesLink to record
Permanent link

Direct link