Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints

Stefano Bistarelli; Simon N. Foley; Barry O'Sullivan

Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints

Stefano Bistarelli
, Simon N. Foley
, Barry O'Sullivan

Research output: Contribution to conference › Paper › peer-review

Abstract

The security of a network configuration is based, not just on the security of its individual components and their direct interconnections, but it is also based on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for cascading paths that violate security, in a circuitous manner, across a network. In this paper we show how constraint programming provides a natural approach to expressing the necessary constraints to ensure multilevel security across a network configuration. In particular, soft constraints are used to detect and eliminate the cascading network paths that violate security. Taking this approach results in practical advancements over existing solutions to this problem. In particular, constraint satisfaction highlights the set of all cascading paths, upon which we can compute in polynomial time an optimal reconfiguration of the network and ensure security.

Original language	English
Pages	808-813
Number of pages	6
Publication status	Published - 2004
Event	Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004) - San Jose, CA, United States Duration: 25 Jul 2004 → 29 Jul 2004

Conference

Conference	Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004)
Country/Territory	United States
City	San Jose, CA
Period	25/07/04 → 29/07/04

Cite this

Bistarelli, S., Foley, S. N., & O'Sullivan, B. (2004). Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints. 808-813. Paper presented at Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004), San Jose, CA, United States.

Bistarelli, Stefano ; Foley, Simon N. ; O'Sullivan, Barry. / Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints. Paper presented at Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004), San Jose, CA, United States.6 p.

@conference{a4d00a074d6045e1a054b7b89e959be8,

title = "Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints",

abstract = "The security of a network configuration is based, not just on the security of its individual components and their direct interconnections, but it is also based on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for cascading paths that violate security, in a circuitous manner, across a network. In this paper we show how constraint programming provides a natural approach to expressing the necessary constraints to ensure multilevel security across a network configuration. In particular, soft constraints are used to detect and eliminate the cascading network paths that violate security. Taking this approach results in practical advancements over existing solutions to this problem. In particular, constraint satisfaction highlights the set of all cascading paths, upon which we can compute in polynomial time an optimal reconfiguration of the network and ensure security.",

author = "Stefano Bistarelli and Foley, \{Simon N.\} and Barry O'Sullivan",

year = "2004",

language = "English",

pages = "808--813",

note = "Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004) ; Conference date: 25-07-2004 Through 29-07-2004",

}

Bistarelli, S, Foley, SN & O'Sullivan, B 2004, 'Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints', Paper presented at Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004), San Jose, CA, United States, 25/07/04 - 29/07/04 pp. 808-813.

Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints. / Bistarelli, Stefano; Foley, Simon N.; O'Sullivan, Barry.
2004. 808-813 Paper presented at Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004), San Jose, CA, United States.

Research output: Contribution to conference › Paper › peer-review

TY - CONF

T1 - Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints

AU - Bistarelli, Stefano

AU - Foley, Simon N.

AU - O'Sullivan, Barry

PY - 2004

Y1 - 2004

N2 - The security of a network configuration is based, not just on the security of its individual components and their direct interconnections, but it is also based on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for cascading paths that violate security, in a circuitous manner, across a network. In this paper we show how constraint programming provides a natural approach to expressing the necessary constraints to ensure multilevel security across a network configuration. In particular, soft constraints are used to detect and eliminate the cascading network paths that violate security. Taking this approach results in practical advancements over existing solutions to this problem. In particular, constraint satisfaction highlights the set of all cascading paths, upon which we can compute in polynomial time an optimal reconfiguration of the network and ensure security.

AB - The security of a network configuration is based, not just on the security of its individual components and their direct interconnections, but it is also based on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for cascading paths that violate security, in a circuitous manner, across a network. In this paper we show how constraint programming provides a natural approach to expressing the necessary constraints to ensure multilevel security across a network configuration. In particular, soft constraints are used to detect and eliminate the cascading network paths that violate security. Taking this approach results in practical advancements over existing solutions to this problem. In particular, constraint satisfaction highlights the set of all cascading paths, upon which we can compute in polynomial time an optimal reconfiguration of the network and ensure security.

UR - https://www.scopus.com/pages/publications/9444295894

M3 - Paper

AN - SCOPUS:9444295894

SP - 808

EP - 813

T2 - Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004)

Y2 - 25 July 2004 through 29 July 2004

ER -

Bistarelli S, Foley SN, O'Sullivan B. Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints. 2004. Paper presented at Proceedings - Nineteenth National Conference on Artificial Intelligence (AAAI-2004): Sixteenth Innovative Applications of Artificial Intelligence Conference (IAAI-2004), San Jose, CA, United States.

Detecting and eliminating the cascade vulnerability problem from multilevel security networks using soft constraints

Abstract

Conference

Other files and links

Fingerprint

Cite this