Assessing network authorization policies via reachability analysis. (November 2017)
- Record Type:
- Journal Article
- Title:
- Assessing network authorization policies via reachability analysis. (November 2017)
- Main Title:
- Assessing network authorization policies via reachability analysis
- Authors:
- Basile, Cataldo
Canavese, Daniele
Pitscheider, Christian
Lioy, Antonio
Valenza, Fulvio
- Abstract:
- Evaluating if a computer network only permits allowed business operations without transmitting unwanted or malicious traffic is a crucial security task. Reachability analysis – the process that evaluates allowed communications – is a tool useful not only to discover security issues but also to identify network misconfigurations. This paper presents a novel approach to quantify network reachability based on the concept of equivalent firewall – a fictitious device, ideally connected directly to the communicating peers and whose policy summarizes the network behaviour between them – that can be queried to derive reachability information. We build equivalent firewalls by using a mathematical model that supports a large variety of network security controls (like NAT, NAPT, tunnels and filters up to the application layer) and allows an accurate analysis. The presented approach is efficient and highly scalable, as confirmed by tests with a large corporate network as well as synthetic networks.
- Is Part Of:
- Computers & electrical engineering. Volume 64(2017)
- Journal:
- Computers & electrical engineering
- Issue:
- Volume 64(2017)
- Issue Display:
- Volume 64, Issue 2017 (2017)
- Year:
- 2017
- Volume:
- 64
- Issue:
- 2017
- Issue Sort Value:
- 2017-0064-2017-0000
- Page Start:
- 110
- Page End:
- 131
- Publication Date:
- 2017-11
- Subjects:
- Network reachability -- Authorization policies -- Security policy assessment -- Network modelling -- Security assessment -- Vulnerability analysis -- Infrastructure security modelling -- Risk analysis and management
Computer engineering -- Periodicals
Electrical engineering -- Periodicals
Electrical engineering -- Data processing -- Periodicals
Ordinateurs -- Conception et construction -- Périodiques
Électrotechnique -- Périodiques
Électrotechnique -- Informatique -- Périodiques
Computer engineering
Electrical engineering
Electrical engineering -- Data processing
Periodicals
Electronic journals
621.302854
- Journal URLs:
- http://www.sciencedirect.com/science/journal/00457906/
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.compeleceng.2017.02.019
- Languages:
- English
- ISSNs:
- 0045-7906
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.680000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 5401.xml