MIRAGE: a management tool for the analysis and deployment of network security policies

Authors:
Joaquin Garcia-Alfaro;Frédéric Cuppens;Nora Cuppens-Boulahia;Stere Preda
Affiliations:
Institut Télécom, Télécom Bretagne, Cesson-Sévigné, France;Institut Télécom, Télécom Bretagne, Cesson-Sévigné, France;Institut Télécom, Télécom Bretagne, Cesson-Sévigné, France;Institut Télécom, Télécom Bretagne, Cesson-Sévigné, France
Venue:
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Year:
2010

Citing 15
Cited 0

Role-Based Access Control Models

Computer
The B-book: assigning programs to meanings

The B-book: assigning programs to meanings
Formal Characterizations of Active Databases: Part II

DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Aggregating and Deploying Network Access Control Policies

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Complete analysis of configuration rules to guarantee reliable network security policies

International Journal of Information Security
Semantic context aware security policy deployment

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Towards filtering and alerting rule rewriting on single-component policies

SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Complete redundancy detection in firewalls

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Analysis of policy anomalies on distributed network security setups

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Integration of security policy into system modeling

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
Model-Driven security policy deployment: property oriented approach

ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Taxonomy of conflicts in network security policies

IEEE Communications Magazine

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present the core functionality of MIRAGE, a management tool for the analysis and deployment of configuration policies over network security components, such as firewalls, intrusion detection systems, and VPN routers. We review the two main functionalities embedded in our current prototype: (1) a bottom-up analysis of already deployed network security configurations and (2) a top-down refinement of global policies into network security component configurations. In both cases, MIRAGE provides intra-component analysis to detect inconsistencies in single component deployments; and inter-component analysis, to detect multi-component deployments which are not consistent. MIRAGE also manages the description of the security architecture topology, to guarantee the proper execution of all the processes.