Automated management of network access control from design to enforcement

  • Authors: Ehab Al-Shaer
  • Affiliations: University of North Carolina Charlotte
  • Venue: Proceedings of the 15th ACM symposium on Access control models and technologies
  • Year: 2010

Abstract

Recent studies show that more than 65% of network vulnerabilities are due to misconfigured network access control. Arbor Networks, in its ISP survey, shows that managing access control is the top challenge in ISP networks today, creating major reachability and security violations such as unauthorized access/traffic, backdoors and an increasing attack surface [1]. Access control exists in network devices such as routers, firewalls and IPSec gateways, and at the application level in systems such as RBAC systems and authorization servers. The wide distribution of a large number of access control configurations, which usually exhibit different syntactic and semantic behavior in highly dynamic network environments, creates real challenges for verifying, evaluating and enforcing access control policies. Thus, there is a pressing need for models and tools that allow for global end-to-end analysis of access control by integrating network and application-level access control in a single framework, from design, verification and optimization to evaluation and deployment. These frameworks should also provide quantitative means to design and evaluate access control automatically and objectively [2, 3]. In addition, as security risk changes dynamically in networks due to new threats or users' behavior, enabling proactive access control will play an important role in future network defense. In this talk, I will present the state of the art and discuss future challenges in the design, verification and evaluation of access control policies.