Visible to the public From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

TitleFrom Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty
Publication TypeConference Paper
Year of Publication2016
AuthorsChaisiri, S., Ko, R. K. L.
Conference Name2016 IEEE Trustcom/BigDataSE/ISPA
KeywordsAccess Control, Adaptation models, Collaboration, Computational modeling, Context, Context modeling, context-aware computing, Context-aware security, context-aware security policy management, governance, Government, mathematical optimization, Mobile handsets, policy, policy-based governance, proactive security, pubcrawl, reactionary security, security economics, security of data, security policies, security policy planning, stochastic programming, stochastic programming models, ubiquitous computing

At the core of its nature, security is a highly contextual and dynamic challenge. However, current security policy approaches are usually static, and slow to adapt to ever-changing requirements, let alone catching up with reality. In a 2012 Sophos survey, it was stated that a unique malware is created every half a second. This gives a glimpse of the unsustainable nature of a global problem, any improvement in terms of closing the "time window to adapt" would be a significant step forward. To exacerbate the situation, a simple change in threat and attack vector or even an implementation of the so-called "bring-your-own-device" paradigm will greatly change the frequency of changed security requirements and necessary solutions required for each new context. Current security policies also typically overlook the direct and indirect costs of implementation of policies. As a result, technical teams often fail to have the ability to justify the budget to the management, from a business risk viewpoint. This paper considers both the adaptive and cost-benefit aspects of security, and introduces a novel context-aware technique for designing and implementing adaptive, optimized security policies. Our approach leverages the capabilities of stochastic programming models to optimize security policy planning, and our preliminary results demonstrate a promising step towards proactive, context-aware security policies.

Citation Keychaisiri_reactionary_2016