Generating policy based security implementation in enterprise network: a formal framework

Authors:
Padmalochan Bera;Soumya Maity;Soumya Kanti Ghosh
Affiliations:
Indian Institute of Technology, Kharagpur, India, Kharagpur, India;Indian Institute of Technology, Kharagpur, India, Kharagpur, India;Indian Institute of Technology, Kharagpur, India, Kharagpur, India
Venue:
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Year:
2010

Citing 9
Cited 0

Temporal logic

Handbook of logic in artificial intelligence and logic programming (Vol. 4)
Automatic analysis of firewall and network intrusion detection system configurations

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems (TOCS)
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
On the Safety and Efficiency of Firewall Policy Deployment

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Specifications of a high-level conflict-free firewall policy language for multi-domain networks

Proceedings of the 12th ACM symposium on Access control models and technologies
A Formal Model for Network-Wide Security Analysis

ECBS '08 Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems
Formal Verification of Security Policy Implementations in Enterprise Networks

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Fault Analysis of Security Policy Implementations in Enterprise Networks

NETCOM '09 Proceedings of the 2009 First International Conference on Networks & Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

The security management of a typical enterprise network, comprises of several network zones, is usually governed by the organizational security policy. The policy defines the service accesses (permit/deny) between various network zones. The security implementation attempts to realize the policy through sets of access control lists (ACLs) in the network interfaces. This paper presents a framework for generating the correct implementation model, given the organizational security policy and underlying network topology. There are two major challenges, namely, (i) deriving the conflict-free model of the organizational security policy and (ii) extraction of the correct ACL distributions for the network. The framework formally models the organizational security policy and generates the conflict-free policy model by resolving the policy rule conflicts. Then, ACL implementation model is extracted based on the conflict-free policy model and the underlying network topology. The efficacy of the proposed framework has been demonstrated through a case study.