A Formal Approach to Network Segmentation. Issue 103 (April 2021)
- Record Type:
- Journal Article
- Title:
- A Formal Approach to Network Segmentation. Issue 103 (April 2021)
- Main Title:
- A Formal Approach to Network Segmentation
- Authors:
- Mhaskar, Neerja
Alabbad, Mohammed
Khedri, Ridha - Abstract:
- Abstract: Network segmentation or compartmentalization, and layered protection are two strategies that are critical in building a secure network. In the literature, layered protection has been formalized and termed as the Defence in Depth (DD) strategy. However, network segmentation has been described vaguely, and without any formal approach, thus making the secure design of large networks unwieldy. In this paper, we formally define network segmentation using a formalism based on product family algebra and guarded commands. Then we propose two algorithms that take a set of resources and their access control policies as input and output a robust network topology and the policies of its firewalls. The firewall policies are computed based on the network segmentation formalism and are strategically placed in the network to achieve DD. Further, we use the proposed algorithms to build Software Defined Networks (SDN) and discuss its use in dynamic networks and Internet of Things.
- Is Part Of:
- Computers & security. Issue 103(2021)
- Journal:
- Computers & security
- Issue:
- Issue 103(2021)
- Issue Display:
- Volume 103, Issue 103 (2021)
- Year:
- 2021
- Volume:
- 103
- Issue:
- 103
- Issue Sort Value:
- 2021-0103-0103-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-04
- Subjects:
- Computer network security -- Network architecture -- Network segmentation -- Layered protection -- Defence in depth -- Product family algebra -- Guarded commands -- Software defined networks
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2020.102162 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 15804.xml