Efficient Semantic Representation of Network Access Control Configuration for Ontology-based Security Analysis

Assessing countermeasures and the sufficiency of security-relevant configurations within networked system architectures is a very complex task. Even the configuration of single network access control (NAC) instances can be too complex to analyse manually. Therefore, model-based approaches have manifested themselves as a solution for computer-aided configuration analysis. Unfortunately, current approaches suffer from various issues like coping with configuration-language heterogeneity or the analysis of multiple NAC instances as one overall system configuration, which is the case for the maturity of analysis goals. In this paper, we show how deriving and modelling NAC configurations’ effects solves the majority of these issues by allowing generic and simplified security analysis and model extension. The paper further presents the underlying modelling strategy to create such configuration effect representations (hereafter referred to as effective configuration) and explains how analyses based on previous approaches can still be performed. Moreover, the linking between rule representations and effective configuration is demonstrated, which enables the tracing of issues, found in the effective configuration, back to specific rules. Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserve

Perancangan Sistem Distribusi Data Antar Sistem Pada Sistem Informasi Sekolah Tinggi Teknik Cendekia (STTC)

The number of sub-systems which is part of System Information in Sekolah Tinggi Teknik Cendekia (SI-STTC) brings up a question of “how does the whole sub-system exchange information?”. Information exchange inter system needs a rule applying confidential aspects, data integrity and availability as system security standard. Based on the aspects, STTC designs a system named Intersystem Data Integrity System (SIDAS), a web service system designed by SOAP-XML architecture protocol. The system works on intermediate layer protocol so that it is considered to be used as inter sub-system data communication module. The design of SIDAS refers to the main aspect of computer security and business satisfaction aspect. The main aspect of computer security includes confidentiality, integrity, and availability aspect. Business satisfaction aspect refers to the criteria mentioned by COBIT as business need for information. The method used in the study includes two main parts namely business process analysis method and software development method. Business process analysis method includes analysis of business process rule and analysis of the STTC system user role, while software development analysis method use evolutionary development process model to adjust with the specification of development system done. The study produces a result of a system design which can be used as inter sub-system data integrator of System Information Sekolah Tinggi Teknik Cendekia (SI-STTC).Keywords: System Information, STTC, Web Service, Data Distribution, SOAP, XM