Firewalls are a prerequisite for securing any communication network. In cloud computing environments, virtual machines are dynamically and frequently migrated across data centers. These frequent changes to the topology require frequent reconfiguration of security appliances, particularly firewalls. In this paper, we address the issue of security policy preservation in a distributed firewall configuration within a highly dynamic context. We propose a systematic procedure to verify the security compliance of firewall policies after VM migration. First, the distributed firewall configurations in the involved data centers are defined according to the network topology expressed using Cloud Calculus. Then, these configurations are expressed as propositional constraints and used to build a verification model based on the constraint satisfaction problem framework, which allows reasoning on security policy preservation. Finally, we present a case study inspired by Amazon EC2 to show the applicability and usefulness of our approach.