Role-Based Access Control Models
Computer
The B-book: assigning programs to meanings
The B-book: assigning programs to meanings
Formal Characterizations of Active Databases: Part II
DOOD '97 Proceedings of the 5th International Conference on Deductive and Object-Oriented Databases
IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Aggregating and Deploying Network Access Control Policies
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Complete analysis of configuration rules to guarantee reliable network security policies
International Journal of Information Security
Semantic context aware security policy deployment
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Towards filtering and alerting rule rewriting on single-component policies
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Complete redundancy detection in firewalls
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Analysis of policy anomalies on distributed network security setups
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Integration of security policy into system modeling
B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
Model-Driven security policy deployment: property oriented approach
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Taxonomy of conflicts in network security policies
IEEE Communications Magazine
Hi-index | 0.00 |
We present the core functionality of MIRAGE, a management tool for the analysis and deployment of configuration policies over network security components, such as firewalls, intrusion detection systems, and VPN routers. We review the two main functionalities embedded in our current prototype: (1) a bottom-up analysis of already deployed network security configurations and (2) a top-down refinement of global policies into network security component configurations. In both cases, MIRAGE provides intra-component analysis to detect inconsistencies in single component deployments; and inter-component analysis, to detect multi-component deployments which are not consistent. MIRAGE also manages the description of the security architecture topology, to guarantee the proper execution of all the processes.