A data flow-oriented specification method for analysing network security configurations
Online publication date: Wed, 17-Dec-2014
by Hicham El-Khoury; Romain Laborde; François Barrère; Abdelmalek Benzekri; Maroun Chamoun
International Journal of Internet Protocol Technology (IJIPT), Vol. 8, No. 2/3, 2014
Abstract: The implementation of a network security policy requires the configuration of heterogeneous and complex security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc.). The complexity of this task resides in the number, the nature, and the interdependence of these mechanisms. Although several researchers have proposed different analysis tools, achieving this task requires experienced and proficient security administrators who can handle all these parameters. A generic formal theory that allows reasoning about network data flows and security mechanisms is missing. In previous articles, we have proposed a formal data-flow-oriented model to detect network security conflicts. In this article, we supplement it with a generic model of equipment configuration constructed on our attribute-based approach. Network security services will be represented by specific atomic abstract functions called 'basic commands' that can modify the data flow. Based on this representation, we define an abstract model of configuration. Therefore, we specify our approach in coloured Petri networks to automate the conflict detection analysis and test it on a NAPT/IPsec scenario.