Show simple item record  

dc.contributor.authorChaisiri, Sivadonen_NZ
dc.contributor.authorKo, Ryan K.L.en_NZ
dc.coverage.spatialTianjin, Chinaen_NZ
dc.date.accessioned2017-04-11T22:15:53Z
dc.date.available2016en_NZ
dc.date.available2017-04-11T22:15:53Z
dc.date.issued2016en_NZ
dc.identifier.citationChaisiri, S., & Ko, R. K. L. (2016). From reactionary to proactive security: context-aware security policy management and optimization under uncertainty. In Proceedings of 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, August 23-26, 2016, Tianjin, China (pp. 535–543). Washington, DC, USA: IEEE Computer Society. https://doi.org/10.1109/TrustCom.2016.0107en
dc.identifier.isbn9781509032051en_NZ
dc.identifier.urihttps://hdl.handle.net/10289/10997
dc.description.abstractAt the core of its nature, security is a highly contextual and dynamic challenge. However, current security policy approaches are usually static, and slow to adapt to ever-changing requirements, let alone catching up with reality. In a 2012 Sophos survey, it was stated that a unique malware is created every half a second. This gives a glimpse of the unsustainable nature of a global problem, any improvement in terms of closing the 'time window to adapt' would be a significant step forward. To exacerbate the situation, a simple change in threat and attack vector or even an implementation of the so-called 'bring-your-own-device' paradigm will greatly change the frequency of changed security requirements and necessary solutions required for each new context. Current security policies also typically overlook the direct and indirect costs of implementation of policies. As a result, technical teams often fail to have the ability to justify the budget to the management, from a business risk viewpoint. This paper considers both the adaptive and cost-benefit aspects of security, and introduces a novel context-aware technique for designing and implementing adaptive, optimized security policies. Our approach leverages the capabilities of stochastic programming models to optimize security policy planning, and our preliminary results demonstrate a promising step towards proactive, context-aware security policies.en_NZ
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.publisherIEEE Computer Societyen_NZ
dc.rightsThis is an author’s accepted version of an article published in the Proceedings of 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications. ©2016 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
dc.sourceTrustCom 2016en_NZ
dc.subjectcomputer scienceen_NZ
dc.subjectstochastic programmingen_NZ
dc.subjectcontext-aware computingen_NZ
dc.subjectcontext-aware securityen_NZ
dc.subjectsecurity economicsen_NZ
dc.subjectmathematical optimizationen_NZ
dc.titleFrom reactionary to proactive security: context-aware security policy management and optimization under uncertaintyen_NZ
dc.typeConference Contribution
dc.identifier.doi10.1109/TrustCom.2016.0107en_NZ
dc.relation.isPartOfProceedings of 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communicationsen_NZ
pubs.begin-page535
pubs.elements-id193208
pubs.end-page543
pubs.finish-date2016-08-26en_NZ
pubs.place-of-publicationWashington, DC, USA
pubs.publication-statusPublisheden_NZ
pubs.start-date2016-08-23en_NZ


Files in this item

This item appears in the following Collection(s)

Show simple item record