{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T22:40:01Z","timestamp":1745966401635,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642365621"},{"type":"electronic","value":"9783642365638"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-36563-8_2","type":"book-chapter","created":{"date-parts":[[2013,2,22]],"date-time":"2013-02-22T06:32:47Z","timestamp":1361514767000},"page":"17-32","source":"Crossref","is-referenced-by-count":5,"title":["Using Security Policies to Automate Placement of Network Intrusion Prevention"],"prefix":"10.1007","author":[{"given":"Nirupama","family":"Talele","sequence":"first","affiliation":[]},{"given":"Jason","family":"Teutsch","sequence":"additional","affiliation":[]},{"given":"Trent","family":"Jaeger","sequence":"additional","affiliation":[]},{"given":"Robert F.","family":"Erbacher","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Anderson, J.P.: Computer security technology planning study, vol. II. Technical Report ESD-TR-73-51, Deputy for Command and Management Systems, HQ Electronics Systems Division (AFSC) (October 1972)","DOI":"10.21236\/AD0772806"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Breitbart, Y., Dragan, F., Gobjuka, H.: Effective monitor placement in internet networks. Journal of Networks (2009)","DOI":"10.4304\/jnw.4.7.657-666"},{"key":"2_CR3","unstructured":"Chen, H., Li, N., Mao, Z.: Analyzing and comparing the protection quality of security enhanced operating systems. In: NDSS (2009)"},{"issue":"1","key":"2_CR4","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1016\/j.adhoc.2011.05.008","volume":"10","author":"X. Chen","year":"2012","unstructured":"Chen, X., Kim, Y.-A., Wang, B., Wei, W., Shi, Z.J., Song, Y.: Fault-tolerant monitor placement for out-of-band wireless sensor network monitoring. Ad Hoc Networks\u00a010(1), 62\u201374 (2012)","journal-title":"Ad Hoc Networks"},{"key":"2_CR5","volume-title":"Firewalls and Internet Security; Repelling the Wily Hacker","author":"W.R. Cheswick","year":"2003","unstructured":"Cheswick, W.R., Bellovin, S.M., Rubin, A.D.: Firewalls and Internet Security; Repelling the Wily Hacker, 2nd edn. Addison-Wesley, Reading (2003)","edition":"2"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Clark, D.D., Wilson, D.: A comparison of military and commercial security policies. In: IEEE Symposium on Security and Privacy (1987)","DOI":"10.1109\/SP.1987.10001"},{"key":"2_CR7","doi-asserted-by":"publisher","first-page":"864","DOI":"10.1137\/S0097539792225297","volume":"23","author":"E. Dahlhaus","year":"1994","unstructured":"Dahlhaus, E., Johnson, D.S., Papadimitriou, C.H., Seymour, P.D., Yannakakis, M.: The complexity of multiterminal cuts. SIAM J. Comput.\u00a023, 864\u2013894 (1994)","journal-title":"SIAM J. Comput."},{"issue":"5","key":"2_CR8","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1145\/360051.360056","volume":"19","author":"D. Denning","year":"1976","unstructured":"Denning, D.: A lattice model of secure information flow. Communications of the ACM\u00a019(5), 236\u2013242 (1976)","journal-title":"Communications of the ACM"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/978-3-540-73408-6_21","volume-title":"Public Key Infrastructure","author":"N. Dragoni","year":"2007","unstructured":"Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In: L\u00f3pez, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol.\u00a04582, pp. 297\u2013312. Springer, Heidelberg (2007)"},{"key":"2_CR10","doi-asserted-by":"crossref","unstructured":"Ford, L.R., Fulkerson, D.R.: Flows in Networks. Princeton University Press (1962)","DOI":"10.1515\/9781400875184"},{"key":"2_CR11","doi-asserted-by":"publisher","first-page":"1347","DOI":"10.1145\/224401.224819","volume-title":"Proceedings of the 27th Conference on Winter Simulation, WSC 1995","author":"D.G. Fritz","year":"1995","unstructured":"Fritz, D.G., Sargent, R.G.: An overview of hierarchical control flow graph models. In: Proceedings of the 27th Conference on Winter Simulation, WSC 1995, pp. 1347\u20131355. IEEE Computer Society, Washington, DC (1995)"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Hicks, B., Rueda, S., St. Clair, L., Jaeger, T., McDaniel, P.: A logical specification and analysis for SELinux MLS policy. ACM Transaction on Information and System Security\u00a013(3) (2010)","DOI":"10.1145\/1805974.1805982"},{"key":"2_CR13","unstructured":"Howard, M., Pincus, J., Wing, J.: Measuring relative attack surfaces. In: Proceedings of Workshop on Advanced Developments in Software and Systems Security (2003)"},{"key":"2_CR14","unstructured":"Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the SELinux example policy. In: USENIX Security Symposium (August 2003)"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Jaeger, T., Butler, K., King, D.H., Hallyn, S., Latten, J., Zhang, X.: Leveraging IPsec for mandatory access control across systems. In: Proc. 2nd Intl. Conf. on Security and Privacy in Communication Networks (August 2006)","DOI":"10.1109\/SECCOMW.2006.359530"},{"key":"2_CR16","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/CSFW.2002.1021806","volume-title":"Proceedings of the 15th IEEE Workshop on Computer Security Foundations","author":"S. Jha","year":"2002","unstructured":"Jha, S., Sheyner, O., Wing, J.: Two formal analyses of attack graphs. In: Proceedings of the 15th IEEE Workshop on Computer Security Foundations, pp. 49\u201363. IEEE Computer Society, Washington, DC (2002)"},{"key":"2_CR17","unstructured":"King, D., Jha, S., Jaeger, T., Jha, S., Seshia, S.A.: Towards automated security mediation placement. Technical Report NAS-TR-0100-2008, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA, USA (November 2008)"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-11957-6_18","volume-title":"Programming Languages and Systems","author":"D. King","year":"2010","unstructured":"King, D., Jha, S., Muthukumaran, D., Jaeger, T., Jha, S., Seshia, S.A.: Automating Security Mediation Placement. In: Gordon, A.D. (ed.) ESOP 2010. LNCS, vol.\u00a06012, pp. 327\u2013344. Springer, Heidelberg (2010)"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Massacci, F., Siahaan, I.: Matching Midlet\u2019s security claims with a platform security policy using automata modulo theory. In: Proceedings of NordSec (2007)","DOI":"10.1145\/1375696.1375698"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"McDaniel, P., Prakash, A.: Methods and limitations of security policy reconciliation. ACM Trans. Inf. Syst. Secur. (2006)","DOI":"10.1145\/1178618.1178620"},{"key":"2_CR21","unstructured":"Morris, J.: New Secmark-based network controls for SELinux, http:\/\/james-morris.livejournal.com\/11010.html"},{"key":"2_CR22","unstructured":"MSDN. Mandatory Integrity Control (Windows), http:\/\/msdn.microsoft.com\/"},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Muthukumaran, D., Rueda, S., Talele, N., Vijayakumar, H., Jaeger, T., Teutsch, J., Edwards, N.: Transforming commodity security policies to enforce Clark-Wilson integrity. In: ACSAC (2012)","DOI":"10.1145\/2420950.2420991"},{"key":"2_CR24","volume-title":"CCS 2012: Proceedings of the 19th ACM Conference on Computer and Communications Security","author":"D. Muthukumaran","year":"2012","unstructured":"Muthukumaran, D., Jaeger, T., Ganapathy, V.: Leveraging \u201dchoice\u201d to automate authorization hook placement. In: CCS 2012: Proceedings of the 19th ACM Conference on Computer and Communications Security. ACM Press, Raleigh (2012)"},{"issue":"5","key":"2_CR25","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1145\/269005.266669","volume":"31","author":"A.C. Myers","year":"1997","unstructured":"Myers, A.C., Liskov, B.: A decentralized model for information flow control. ACM Operating Systems Review\u00a031(5), 129\u2013142 (1997)","journal-title":"ACM Operating Systems Review"},{"key":"2_CR26","unstructured":"Nessus Vulnerability Scanner, http:\/\/www.nessus.org\/"},{"key":"2_CR27","unstructured":"Noble, J., Biddle, R., Tempero, E., Potanin, A., Clarke, D.: Towards a model of encapsulation. Presented at the ECOOP 2003 IWACO Workshop on Aliasing, Confinement, and Ownership (publications) (2003), http:\/\/www.mcs.vuw.ac.nz\/comp"},{"key":"2_CR28","unstructured":"Noel, S., Jajodia, S.: Advanced vulnerability analysis and intrusion detection through predictive attack graphs. In: Critical Issues in C4I, Armed Forces Communications and Electronics Association (AFCEA) Solutions Series. International Journal of Command and Control (2009)"},{"key":"2_CR29","unstructured":"Noel, S., Jajodia, S., O\u2019Berry, B., Jacobs, M.: Efficient minimum-cost network hardening via exploit dependency graphs. In: ACSAC (2003)"},{"key":"2_CR30","unstructured":"Novell. AppArmor Linux Application Security, https:\/\/www.suse.com\/support\/security\/apparmor\/"},{"key":"2_CR31","unstructured":"NetLabel - Explicit labeled networking for Linux, http:\/\/www.nsa.gov\/research\/selinux\/"},{"key":"2_CR32","unstructured":"Security-enhanced linux, http:\/\/www.nsa.gov\/research\/selinux\/"},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: CCS (2006)","DOI":"10.1145\/1180405.1180446"},{"key":"2_CR34","unstructured":"Pike, L.: Post-hoc separation policy analysis with graph algorithms. In: Workshop on Foundations of Computer Security (FCS 2009). Affiliated with Logic in Computer Science (LICS) (August 2009)"},{"key":"2_CR35","unstructured":"Sarna-Starosta, B., Stoller, S.D.: Policy analysis for Security-Enhanced Linux. In: WITS (April 2004)"},{"key":"2_CR36","doi-asserted-by":"crossref","unstructured":"Sheyner, O., Haines, J.W., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: IEEE Symposium on Security and Privacy, pp. 273\u2013284 (2002)","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"2_CR37","unstructured":"Sun Microsystems. Trusted Solaris operating environment - a technical overview, http:\/\/www.sun.com"},{"key":"2_CR38","unstructured":"Tang, Y., Daniels, T.E.: On the economic placement of monitors in router level network topologies. In: The Workshop on the Economics of Securing the Information Infrastructure (2006)"},{"key":"2_CR39","unstructured":"Tresys. SETools - Policy analysis tools for SELinux, http:\/\/oss.tresys.com\/projects\/setools"},{"key":"2_CR40","unstructured":"Watson, R.N.M.: TrustedBSD: Adding trusted operating system features to FreeBSD. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 15\u201328 (2001)"}],"container-title":["Lecture Notes in Computer Science","Engineering Secure Software and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-36563-8_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,29]],"date-time":"2025-04-29T21:58:04Z","timestamp":1745963884000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-36563-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642365621","9783642365638"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-36563-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}