A model-driven approach for the extraction of network access-control policies

Authors:
Salvador Martínez;Jordi Cabot;Joaquin Garcia-Alfaro;Frédéric Cuppens;Nora Cuppens-Boulahia
Affiliations:
ATLANMOD, & Ecole des Mines de Nantes, INRIA, LINA, Nantes, France;ATLANMOD, & Ecole des Mines de Nantes, INRIA, LINA, Nantes, France;Université Européenne de Bretagne, Cesson Sévigné, France;Université Européenne de Bretagne, Cesson Sévigné, France;Université Européenne de Bretagne, Cesson Sévigné, France
Venue:
Proceedings of the Workshop on Model-Driven Security
Year:
2012

Citing 12
Cited 0

The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Fang: A Firewall Analysis Engine

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems (TOCS)
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Inferring higher level policies from firewall rules

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Complete analysis of configuration rules to guarantee reliable network security policies

International Journal of Information Security
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies

Information and Software Technology
Verified Firewall Policy Transformations for Test Case Generation

ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework

Journal of Systems and Software
Transforming models with ATL

MoDELS'05 Proceedings of the 2005 international conference on Satellite Events at the MoDELS
Modeling and Management of Firewall Policies

IEEE Transactions on Network and Service Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network security constitutes a critical concern when developing and maintaining nowadays corporate information systems. Firewalls are a key element of network security by filtering the traffic of the network in compliance with a number of access control rules that enforce a given security policy. Unfortunately, once implemented, and due to the complexity of firewall configuration languages and the underlying network topology, knowing which security policy is actually being enforced by the network system is a complex and time consuming task that requires low-level and, often, vendor-specific expertise. In an always-evolving context, where security policies are often updated to respond to new security requirements, this discovery phase becomes critical since it could hamper the proper evolution of the system and compromise its security. To tackle this problem, our approach generates an abstract model of the firewall configurations in a network that facilitates the understanding and evolution of network security policies.