Automatic Enforcement of Security in Computer Networks

Authors:
T. Mechri;M. Langar;M. Mejri;H. Fujita;Y. Funyu
Affiliations:
Laval University, Quebec, Qc, Canada;Laval University, Quebec, Qc, Canada;Laval University, Quebec, Qc, Canada;Iwate Prefectural University, Japan;Iwate Prefectural University, Japan
Venue:
Proceedings of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07
Year:
2007

Citing 8
Cited 3

Communicating sequential processes

Communicating sequential processes
Lectures on a calculus for communicating systems

Proc. of the NATO Advanced Study Institute on Control flow and data flow: concepts of distributed programming
Temporal logic of programs

Temporal logic of programs
Temporal and modal logic

Handbook of theoretical computer science (vol. B)
Communication and concurrency

Communication and concurrency
The algebra of communicating processes with empty process

ACP '95 Proceedings from the international workshop on Algebra of communicating processes
Automatic analysis of firewall and network intrusion detection system configurations

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Transparent network security policy enforcement

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference

Formal Specification and Analysis of Firewalls

Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
Network Security: Formal and Optimized Configuration

Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
Optimized inlining of runtime monitors

NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The main issue of this paper is to propose a formal technique allowing to automatically configure a given network so that it will respect a given security policy. In other words, given a computer network N and a security policy Φ, we introduce a formal technique that automatically produce another network N' such that N' $\vDash$ Φ and N and N' behaves in an "equivalent" (with respect to a given de finition of equivalence) way. To that end, we define a new process algebra allowing to better specify and analyze monitored network. We also define an operator $\otimes$ that produce from an initial network N and a security policy Φ another version of the network, denoted by N $\otimes$ Φ, configured in such a way that the security policy is always respected.