Techniques for security configuration management in distributed information systems

Matteo Maria Casalino 1
1 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : The security of nowadays IT services significantly depends on the correct configuration of increasingly distributed information systems. At the same time, the management of security configurations is still heavily centered on human activities, which are costly and prone to error. Over the last decade it has been repeatedly reported that a significant share of security incidents and data breaches are caused by inaccurate systems configuration. To tackle this problem, several techniques have been proposed to increase the automation in configuration management tasks. Many of them focus on planning and implementation, i.e., the phases where abstract security requirements and policies are elicited, harmonized, de-conflicted and transformed into concrete configurations. As such, these techniques often require formal or highly structured input policies amenable to automated reasoning, which are rarely available in practice. In contrast, less attention has been dedicated to the monitoring and change management phases, which complement the above steps by detecting and remediating configuration errors and by ensuring that configuration changes do not expose the system to security threats. The objectives and contributions of this thesis take the latter perspective and, as such, they pragmatically work on the basis of concrete security configurations. In particular, we propose three contributions that move from more concrete syntax-based configuration analysis towards increasingly abstract semantic reasoning
Document type :
Theses
Complete list of metadatas

Cited literature [129 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01058803
Contributor : Abes Star <>
Submitted on : Thursday, August 28, 2014 - 11:12:08 AM
Last modification on : Wednesday, November 20, 2019 - 3:20:26 AM
Long-term archiving on: Saturday, November 29, 2014 - 10:26:22 AM

File

TH2014_Casalino_Matteo-Maria.p...
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01058803, version 1

Citation

Matteo Maria Casalino. Techniques for security configuration management in distributed information systems. Other [cs.OH]. Université Claude Bernard - Lyon I, 2014. English. ⟨NNT : 2014LYO10124⟩. ⟨tel-01058803⟩

Share

Metrics

Record views

770

Files downloads

1849