Proc. SPIE. 7350, Defense Transformation and Net-Centric Systems 2009
KEYWORDS: Defense and security, Data modeling, Data processing, System identification, Chemical elements, Systems modeling, Information security, Computer security, Network security, Classification systems
Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These
attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security,
network infrastructure, and services. As more services come online, systems that were once in isolation now provide
information that may be combined dynamically with information from other systems to create new meaning on the fly.
Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a
higher classification than any of its constituent parts.
To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is
evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The
introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most
vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our
approach is integration of semantic policy into enterprise security to augment traditional network security with an overall
awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture -
analyzing trends and identifying critical relations in system wide data access.
The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive
security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing
Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and
high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling
resources to proactively isolate, lock-down, and secure systems that are most vulnerable.