2010 Second International Conference on Future Networks

Design and Formulation of Security Strategy in Network

Ning Zhang 1, 2
1. Institute of Information Technology, Beijing Union University, Beijing, China
zn2004@163.com
2. Faculty of Information and Engineering, Flinders University, Adelaide, 5001 Australia
zhan0489@flinders.edu.au

Hong Bao
School of Information, Beijing Union University, Beijing, China
baohong@buu.com.cn

978-0-7695-3940-9/10 $26.00 © 2010 IEEE
DOI 10.1109/ICFN.2010.91
Authorized licensed use limited to: West Virginia University. Downloaded on July 29,2010 at 06:06:20 UTC from IEEE Xplore. Restrictions apply.

Abstract—In recent years, information security has become a thriving and fast-moving discipline in modern network society. People have realized that the design and formulation of security strategy is very important and that security failure is caused at least as often by bad incentives as by bad design. We find that incentives are becoming as important as technical design in achieving dependability. Systems are particularly prone to failure when the person guarding them is not the person who suffers when they fail. The growing use of security mechanisms to enable one system user to exert power over another user, rather than simply to exclude people who should not be users at all, introduces many strategic and policy issues.

Keywords-design; formulation; security strategy; network

I. INTRODUCTION

Rapid and dramatic advances in information technology, while offering tremendous benefits, have also created significant and unprecedented risks to networks. Traditionally, telecom networks refer to the infrastructure required to establish an end-to-end transfer of analogue or digital information [1]. This comprised the transmission and switching infrastructure [2]. Today, the infrastructure is divided into layers in order to achieve a higher level of service integration [3]. The new infrastructure supports fixed and wireless network services. E-commerce and software systems have evolved over the years using technologies which have enabled handling of diverse critical applications [4]. As component-based designs gain popularity and security concerns rise on the information highway, it has become increasingly important to analyze the software architecture components for security evaluation [5]. Securing an organization’s information assets is a relentless battle. The constant barrage of threats keeps information security professionals in a reactive mode [6].

Telecom networks distinguish between traffic (e.g., voice, data and multimedia) and control (signaling). A different layer, called connectivity network, is defined for traffic, and another layer, called control layer, is defined for signaling [7]. As more applications and services appeared, another layer was introduced, the service layer [8]. Operations & Maintenance (O&M) networks require high security, and that leads to another sublayer within the core network [9].

Cyber criminals are generating attacks using a growing arsenal of weapons, including spam, malware, and spyware; however, the intent of malicious activity has clearly shifted away from notoriety toward profit [10]. According to various threat reports, more zero-day attacks are surfacing than ever before, further highlighting the need for executives to gain broad visibility across the organization and develop a proactive security strategy. With all the advantages mentioned for the integrated layered architecture of telecom networks, we should not overlook the increasing number of security concerns that apply to all types of services and all levels of the telecom network [11]. Access networks are subject to denial-of-service attacks and various unauthorized-access attacks. Fixed networks suffer from clip-on access and associated fraud, as well as violation of privacy. Wireless networks do not require physical access, and are even more exposed. Mobility adds other vulnerabilities and threats, including SIM card cloning, subscription frauds, man-in-the-middle attacks and so on. External and internal threats leave little time for information security professionals to research new technologies and review policies and processes to get ahead of the security problems [12]. Executive buy-in, end-user awareness, and information security staff competencies continue to be challenging areas for security practitioners as they balance their time between information technology and business.

II. ANALYSIS OF NETWORK SECURITY

The formulation of a security strategy also requires people and processes to be addressed as they, too, are significant areas for exposure. If overlooked, intentional and unintentional behavior of users, social engineering, lack of business continuity planning, or insufficient separation of duties can all lead to serious consequences. Organizations must evaluate all internal and external risks on both physical and logical levels to properly execute against their risk management objectives. Core networks have a multitude of interconnection points, which means different security requirements and possible exposure to a wide range of threats and vulnerabilities. Attacks on the core would lead to larger impacts on the different services and stakeholders, such as end users, service and application providers, and the operator itself, as shown in Fig. 1. To enhance protection of the network, specific security principles and best practices are commonly used. Information industries are characterized by many different types of externalities, where individuals’ actions have side effects on others.

Figure 1. Core networks for security requirements

Stealing passwords and accessing the management ports, attacking the signaling layer, targeting databases of subscribers, network elements, gateways, and application servers could lead to security violations, fraud and service interruption. Most existing tools for automatic network management adopt a policy-based approach. System administrators decide upon a global policy specifying how the network should be configured. The tools can verify that a given policy is correctly implemented by low-level mechanisms. In some cases, they can also translate policies into sets of configuration directives and push them to the corresponding network devices, as shown in Fig. 2. In order to make sure certain security requirements are met, the administrator only needs to examine the policy, which is easier and less error-prone than examining every piece of the configuration.

Figure 2. System security management

There are three zones (Internet, edge and core) separated by two firewalls (FW1 and FW2). The administrator manages the web-Server and the file-Server while the project-PC is operated by corporate employees. The company owns proprietary information, so the security management needs to ensure that its confidentiality will not be compromised by an outside attacker. To achieve this security goal, multiple configuration elements must be set up appropriately. First, the topology and firewall configuration allow outside packets to reach the edge zone, but not the core zone where the confidential project-Plan is stored. Second, the file sharing service running on file-Server requires authentication for access to project-Plan. Only project managers have the access rights. Third, the administrator maintains a collection of application binaries so that individual employees do not need to install programs on the project-PC. However, a dedicated and clever attacker can still cause a security breach in this configuration. Remember that web-Server is managed by the administrator. So if web-Server is compromised, it is likely that the credential of the administrator will also be leaked to the attacker, through a password sniffer for example. The administrator’s credential does not enable the attacker to access project-Plan on file-Server (it can only be accessed by project managers). However, it does allow the attacker to update the application binaries. So he can install his version of Acrobat Reader. Some day a project manager will open a project plan in PDF format, and besides showing the file, the Trojan horse Acrobat Reader communicates the content to the attacker.

The difficulty in measuring information security risks presents another challenge: these risks cannot be managed better until they can be measured better. Insecure software dominates the market for the simple reason that most users cannot distinguish it from secure software; thus, developers are not compensated for costly efforts to strengthen their code. However, markets for vulnerabilities can be used to quantify software security, thereby rewarding good programming practices and punishing bad ones. Insuring against attacks could also provide metrics by building a pool of data for valuing risks. However, local and global correlations exhibited by different attack types largely determine what sort of insurance markets are feasible.
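
The web-Server / file-Server / project-PC scenario of Section II can be checked at the policy level, as in the following added example (not code from the paper). The four rules, the asset name `app-binaries`, the accounts `edge-admin` and `core-admin`, and the worst-case assumption that an Internet-reachable host may be compromised are assumptions made for this example.

```python
# Added example: which facts follow for an outside attacker in the Section II
# scenario. The rule set and the name "app-binaries" are assumptions.

def attack_paths(manages, runs, can_read, exposed):
    """Fixpoint over four rules; returns {derived fact: fact it came from}."""
    # Worst case (assumption): any Internet-reachable host may be compromised.
    why = {("controls", h): ("exposed", h) for h in exposed}
    changed = True
    while changed:
        changed = False
        for fact in list(why):
            kind, x = fact
            new = []
            if kind == "controls":
                # Credentials typed on a compromised asset leak to the attacker.
                new += [("acts_as", p) for p, a in manages if a == x]
                # Tampered code runs with the rights of whoever executes it.
                new += [("acts_as", p) for p, a in runs if a == x]
            elif kind == "acts_as":
                # A stolen identity works on what it administers and may read.
                new += [("controls", a) for p, a in manages if p == x]
                new += [("reads", d) for p, d in can_read if p == x]
            for n in new:
                if n not in why:
                    why[n] = fact
                    changed = True
    return why

def explain(why, goal):
    """Chain of facts from the exposed host to goal; [] if goal is unreachable."""
    if goal not in why:
        return []
    chain = [goal]
    while chain[-1] in why:
        chain.append(why[chain[-1]])
    return chain[::-1]

RUNS = {("project-manager", "app-binaries")}      # project-PC executes shared binaries
CAN_READ = {("project-manager", "project-Plan")}  # file-Server access rights
EXPOSED = {"web-Server"}                          # edge zone, reachable through FW1
GOAL = ("reads", "project-Plan")

def path_shared_admin():
    # As on the page: one administrator account manages both assets.
    manages = {("administrator", "web-Server"), ("administrator", "app-binaries")}
    return explain(attack_paths(manages, RUNS, CAN_READ, EXPOSED), GOAL)

def path_split_admin():
    # Separation of duties (assumed fix): the binaries' account never touches the edge host.
    manages = {("edge-admin", "web-Server"), ("core-admin", "app-binaries")}
    return explain(attack_paths(manages, RUNS, CAN_READ, EXPOSED), GOAL)

if __name__ == "__main__":
    print(*path_shared_admin(), sep="\n")
    print("split accounts:", path_split_admin() or "project-Plan not reachable")
```

With the shared administrator account the check reports the same chain the text walks through; with separate accounts for the edge host and the binary store, no chain to project-Plan is derivable under these rules.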

III. FORMULATION OF SECURITY STRATEGY

As networks grow and become increasingly complex, the risk of holes in security due to configuration and/or design mistakes increases. As increasingly more business critical applications rely on the availability of the networks, the exposure to loss is also becoming drastically higher. Users expect reliability in all transactions, independent of access, and guaranteed connection quality. From a security point of view, the user expects no viruses, no worms, no fraud, nobody listening in, and the ability to know who requests a communication session. The formulation of a security strategy also requires people and processes to be addressed as they, too, are significant areas for exposure. If overlooked, intentional and unintentional behavior of users, social engineering, lack of business continuity planning, or insufficient separation of duties can all lead to serious consequences. Organizations must evaluate all internal and external risks on both physical and logical levels to properly execute against their risk management objectives. Networks should be designed in such a way that events on one security plane are kept totally isolated from the other security planes.

Security solution development begins with threat-risk analysis. It is required to identify assets, threats and vulnerabilities, rank the different assets in the order of their importance for the business, and evaluate different alternatives to handle the risk. A security policy should be a statement of management intent, supporting the goals and principles of information security in line with the business strategy and objectives. The policy performs several functions that help ensure the effectiveness of whatever security strategy the organization pursues, as shown in Fig. 3. The topology of complex networks is an emerging tool for analyzing information security. The information security policy statement should provide a mandate for robust and effective information security management.

PLAN: establishing the ISMS
• Define the business needs for information security and set these out within a corporate information security policy.
• Identify and assess the risks to information security.
• Either identify controls to be established to manage the information security risks identified, transfer the risks or accept them as appropriate, based on business needs and the risk appetite of the organization.
DO: implementing and operating the ISMS
• Develop and implement action plans to manage the identified information security risks.
CHECK: monitoring and reviewing the ISMS
• Establish processes to identify actual and potential information security incidents or systems weaknesses.
ACT: maintaining the ISMS
• Review and update the ISMS as required.

Computer networks from the Internet to decentralized peer-to-peer networks are complex but emerge from ad hoc interactions of many entities using simple ground rules. This emergent complexity, coupled with heterogeneity, is similar to social networks and even to the metabolic pathways in living organisms. Recently a discipline of network analysis has emerged at the boundary between sociology and condensed-matter physics. It takes ideas from other disciplines, such as graph theory, and in turn provides tools for modeling and investigating such networks. Because security has to be an integral part of the system from the start, and cannot be “bolted on” afterwards, it is crucial to get the security design right from the very beginning. The interaction of network science with information security provides an interesting bridge to evolutionary game theory, a branch of economics that has been very influential in the study of human and animal behavior. To provide adequate security, it is important to be able to model the mobile network and analyze the threats to assets as shown in Fig. 4. The following three-plane architecture provides a useful and simple way of capturing relevant information. This model consists of four architectural components: separate security planes, security layers, security services, and security policies & principles.

Figure 3. The security strategy factors

It is crucial to develop a Network Plan for Security, comprising a report describing the procedures used, threats mitigated and scalability/functionality paths to follow in future phases of the development of the network. Also shown in the Network Plan are the locations of perimeter protection nodes, placement of IDS/IPS sensors, firewalls, and encryption nodes. Guideline scripts for filtering/security configuration are also produced, along with inputs to the node-hardening process. As with all security configurations, the three aspects of functionality, ease of use, and security level must be carefully balanced in the design.

Figure 4. Network security architecture model

When an end-to-end security architecture network configuration is carefully planned, integration of a new network or an upgrade/enhancement of an existing network can be performed in the best way, helping to guarantee that the planned security levels will be implemented in a structured way.

IV. CONCLUSION

Security, in the context of telecom networks, concerns all parties involved: the end user, the service provider, the content provider, the applications provider, and the operator. The concerns can be expressed in terms of loss of service, loss of revenue and image, loss of confidentiality, mistrust, churn, and possible legal actions. Information security is a global, industry-agnostic, organization-wide problem that cannot be addressed with technology solutions alone. Security is not a static procedure that can be applied once and for all. It is a living process that grows with the network, users, applications, technology and offenders. Security controls and safeguards must be implemented to reduce such risks. This should take place at all levels of the network and all stages of network development. The network should be designed with security in mind and be easy to manage. The network should be safeguarded against current vulnerabilities and regularly tested for new vulnerabilities and threats.

ACKNOWLEDGMENT

This work is partially supported by the Scientific Research Common Program of Beijing Municipal Commission of Education #KM200811417011, Funding Project for Academic Human Resources Development in Institutions of Higher Learning Under the Jurisdiction of Beijing Municipality, PHR(IHLB)200906126, PHR(IHLB)200907120, and the Young Key Teacher Program of Beijing Municipal Commission of Education. Thanks for the help.

REFERENCES

[1] H. Varian, “System reliability and free riding,” In Economics of Information Security, Kluwer Academic Publishers, 2004, vol. 12, pp. 1-15.
[2] K. Ozment and S. E. Schechter, “Milk or wine: does software security improve with age?” In 15th USENIX Security Symposium, 2006, pp. 93-104.
[3] A. Acquisti and H. Varian, “Conditioning prices on purchase history,” In Marketing Science, 2005, 24: pp. 367-375.
[4] N. Zhang, “Study on information security architecture,” private communication, 2007.
[5] A. Acquisti, H. Friedman and R. Telang, “Is there a cost to privacy breaches?” In Fifth Workshop on the Economics of Information Security, 2006, pp. 531-539.
[6] R. Anderson, “Why information security is hard – an economic perspective,” In 17th Annual Computer Security Applications Conference, 2001, pp. 358–365.
[7] H. Varian, “System reliability and free riding,” In Economics of Information Security, vol. 12 of Advances in Information Security, 2004, pp. 1-15.
[8] A. Ozment and S. E. Schechter, “Milk or wine: does software security improve with age?” In 15th USENIX Security Symposium, 2006, pp. 93-104.
[9] R. Böhme, “A comparison of market approaches to software vulnerability disclosure,” In ETRICS, LNCS 2995, Springer Verlag, 2006, pp. 298-311.
[10] A. Odlyzko, “Privacy, economics and price discrimination on the internet,” In Fifth Int’l. Conference on Electronic Commerce, ACM Press, New York, NY, USA, 2003, pp. 355-366.
[11] N. Zhang, “Information security model and its applications,” private communication, 2007.
[12] R. Dingledine and N. Matthewson, “Anonymity loves company: usability and the network effect,” In Fifth Workshop on the Economics of Information Security, 2006, pp. 325-335.
