Generating policy based security implementation in enterprise network: a formal framework

  • Authors:
  • Padmalochan Bera;Soumya Maity;Soumya Kanti Ghosh

  • Affiliations:
  • Indian Institute of Technology, Kharagpur, India;Indian Institute of Technology, Kharagpur, India;Indian Institute of Technology, Kharagpur, India

  • Venue:
  • Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
  • Year:
  • 2010

Abstract

The security management of a typical enterprise network, which comprises several network zones, is usually governed by the organizational security policy. The policy defines the service accesses (permit/deny) between various network zones. The security implementation attempts to realize the policy through sets of access control lists (ACLs) in the network interfaces. This paper presents a framework for generating the correct implementation model, given the organizational security policy and the underlying network topology. There are two major challenges, namely, (i) deriving the conflict-free model of the organizational security policy and (ii) extracting the correct ACL distributions for the network. The framework formally models the organizational security policy and generates the conflict-free policy model by resolving the policy rule conflicts. Then, the ACL implementation model is extracted based on the conflict-free policy model and the underlying network topology. The efficacy of the proposed framework has been demonstrated through a case study.