The seventh annual Big Data and SDN/NFV Summit took place from October 12^th-14^th in Nanjing, China. This year’s event took place in conjunction with the IEEE 5G Summit, resulting in three-days of discussion and demonstration of the recent advancements in areas such as Big Data, Cybersecurity, Secured Defined Network (SDN), Network Function Virtualization (NFV), Internet of Things (IoT), and Smart Sensors Networks (SSN). At the conference, InfoBeyond delivered a keynote presentation on their access control solution, Security Policy Tool. The presentation illustrated the latest access control standards specified by the National Institute of Standards and Technology (NIST) as well as a look at how the recent developments can be applied across various industries.  

Many organizations implement access control systems to protect their data and online resources from unintended use. These organizations design rules or security policies to outline how their access control system should respond to specific access requests (e.g. permit or deny). However, often these policies are not thoroughly tested and verified leaving the presence of access control flaws such as privilege leaks possible. These flaws if left undiscovered can create security holes and lead to data breach, identity theft, insider attacks, and other unauthorized system access.  NIST Computer Security Resource Center (CSRC) recommends:

“Policy specifications must undergo rigorous verification and validation through systematic testing to ensure that the policy specifications truly encapsulate the desires of the policy authors.”

Security Policy Tool has been developed to directly meet the above goal of NIST’s recommendations for advanced policy testing and verification.  During his presentation, Dr. Bin Xie, CEO of InfoBeyond, stated:

“Comprehensively verifying and validating access control policies is extremely challenging. Traditionally, organizations rely on security specialists to manually test and identify potential security holes. Manually testing is not only low in cost effectiveness but it also can make it more likely that access control flaws go unobserved as a result of human error.”

Security Policy Tool empowers organizations to make significant enhancements to their access control policy testing, analysis, and flaw correction processes. During his presentation, Dr. Bin Xie demonstrated some of Security Policy Tool’s key features, including:

•  Translating imported (XACML) access control policies into access control models
•  Demonstration of ABAC, RBAC, MLS, WorkFlow access control security models
•  Defining access rules and policies using the intuitive, user-friendly interface
•  Policy testing and identification of access control flaws
•  Automatically generating test cases resulting in a very high testing coverage
•  Demonstration of access control testing results with and without Security Policy Tool

After organizations have verified that their access control policies are free from vulnerabilities, they can then automatically convert their policies back into XACML. From there, they can export and re-deploy their newly secured policies into any access control system that they use.  Anirban Bhattacharya, Practice Head, Data & Analytics at Tech Mahindra, said:

“I will explore the tool for policy verification in business settings in which the access control system consists of policies that are enforced in a series of continuous business processes. I will recommend this tool to our colleagues.”

At this year’s event, InfoBeyond was awarded the 2017 Innovative Security Solution Award for its demonstration of Security Policy Tool. The conference is not possible without the financial and technical sponsorships by the IEEE Big Data, IEEE Software Defined Networks (SDN), IEEE Technical Committee on Big Data, and IEEE Communication Society. The Big Data Summit promotes the exploration of big data, cybersecurity, novel technologies, business applications, and market analysis.

Security Policy Tool’s free demo is available for download on their website: https://securitypolicytool.com/. Go try it, today!