A data flow-oriented specification method for analysing network security configurations. (1st January 2014)
- Record Type:
- Journal Article
- Title:
- A data flow-oriented specification method for analysing network security configurations. (1st January 2014)
- Main Title:
- A data flow-oriented specification method for analysing network security configurations
- Authors:
- El-Khoury, Hicham
Laborde, Romain
Barrère, François
Benzekri, Abdelmalek
Chamoun, Maroun
- Abstract:
- The implementation of a network security policy requires the configuration of heterogeneous and complex security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc.). The complexity of this task resides in the number, the nature, and the interdependence of these mechanisms. Although several researchers have proposed different analysis tools, achieving this task requires experienced and proficient security administrators who can handle all these parameters. A generic formal theory that allows one to reason about network data flows and security mechanisms is missing. In previous articles, we have proposed a formal data-flow-oriented model to detect network security conflicts. In this article, we supplement it with a generic model of equipment configuration constructed on our attribute-based approach. Network security services will be represented by specific atomic abstract functions called 'basic commands' that can modify the data flow. Based on this representation, we define an abstract model of configuration. We then specify our approach in coloured Petri nets to automate the conflict detection analysis and test it on a NAPT/IPsec scenario.
- Is Part Of:
- International journal of internet protocol technology. Volume 8:Number 2/3(2014)
- Journal:
- International journal of internet protocol technology
- Issue:
- Volume 8:Number 2/3(2014)
- Issue Display:
- Volume 8, Issue 2/3 (2014)
- Year:
- 2014
- Volume:
- 8
- Issue:
- 2/3
- Issue Sort Value:
- 2014-0008-NaN-0000
- Page Start:
- 58
- Page End:
- 76
- Publication Date:
- 2014-01-01
- Subjects:
- data flow-oriented -- specification method -- network security configurations -- network security policy -- security conflict detection -- attribute-based approach -- configuration abstract model -- coloured Petri nets -- CPNs
File Transfer Protocol (Computer network protocol) -- Periodicals
Multicasting (Computer networks) -- Periodicals
004.678
- Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijipt
http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1743-8209
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 8705.xml