Architecture for detecting violations of security policies using the ABD method
Abstract
Logs are highly relevant in managing computer security because the information recorded in them contributes to auditing and forensic analysis activities. Among the security-relevant logs are those generated by access to network services, specifically Internet access through a proxy. Because of the constant transformation of computer systems and the emergence of automatic tools to manage logs, it is necessary to integrate the functionalities of software architectures with the computer security requirements defined in the organization. This article analyzes the different architectural design methods to determine the structure of the architecture's components, their relationships, and the principles and guidelines that make up the architecture. In addition, this will allow the implementation of security mechanisms and functions, supported by mechanisms that determine the quality of the proposed architecture. An architecture is proposed for the detection of security breaches from the analysis of users' Internet browsing logs, based on the ABD method (Architecture-Based Design Method) and the information systems security architecture proposed by the SANS Institute, which are used for the design and description of the architecture components.
License
The authors who publish in this journal agree to the following terms:
- The authors retain the copyright and grant the journal the right of first publication of the work, which is distributed under a "Creative Commons Attribution-NonCommercial-NoDerivativeWorks 3.0 Unported" (CC BY-NC-ND 3.0) license. You can consult the informative version and the legal text of the license, which allows others to share the work with an acknowledgement of the authorship of the work and its initial publication in this journal.
- Authors may separately enter into additional agreements for non-exclusive distribution of the version of the work published in the journal (for example, placing it in an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are allowed and encouraged to disseminate their work electronically (e.g., in institutional repositories or on their own website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of published work (see The Effect of Open Access).