The security management of a typical enterprise network, which comprises several network zones, is usually governed by the organizational security policy. The policy defines the service accesses (permit/deny) between the various network zones. The security implementation attempts to realize the policy through sets of access control lists (ACLs) on the network interfaces. This paper presents a framework for generating the correct implementation model, given the organizational security policy and the underlying network topology. There are two major challenges: (i) deriving the conflict-free model of the organizational security policy and (ii) extracting the correct ACL distributions for the network. The framework formally models the organizational security policy and generates the conflict-free policy model by resolving the policy rule conflicts. Then, the ACL implementation model is extracted based on the conflict-free policy model and the underlying network topology. The efficacy of the proposed framework has been demonstrated through a case study.