A model-driven approach for the extraction of network access-control policies

Salvador Martínez (1), García-Alfaro Joaquin (2, 3), Cuppens Frédéric (2, 3), Cuppens-Boulahia Nora (2, 3), Jordi Cabot (1)
1 ATLANMOD - Modeling Technologies for Software Production, Operation, and Evolution
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
3 Lab-STICC_TB_CID_SFIIS
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract: Network security constitutes a critical concern when developing and maintaining today's corporate information systems. Firewalls are a key element of network security, filtering the traffic of the network in compliance with a number of access control rules that enforce a given security policy. Unfortunately, once implemented, and due to the complexity of firewall configuration languages and the underlying network topology, knowing which security policy is actually being enforced by the network system is a complex and time-consuming task that requires low-level and, often, vendor-specific expertise. In an always-evolving context, where security policies are often updated to respond to new security requirements, this discovery phase becomes critical since it could hamper the proper evolution of the system and compromise its security. To tackle this problem, our approach generates an abstract model of the firewall configurations in a network that facilitates the understanding and evolution of network security policies.
Document type: Conference paper
Model-Driven Security Workshop, Oct 2012, Innsbruck, Austria. 2012, 〈http://mdsec2012.pst.ifi.lmu.de/accepted_papers/mdsec2012_submission_15.pdf〉

https://hal.inria.fr/hal-00734230
Contributor: Salvador Martínez Pérez
Submitted on: Friday, 21 September 2012 - 10:29:01
Last modified on: Friday, 7 December 2018 - 01:49:42

Identifiers

  • HAL Id: hal-00734230, version 1

Citation

Salvador Martínez, García-Alfaro Joaquin, Cuppens Frédéric, Cuppens-Boulahia Nora, Jordi Cabot. A model-driven approach for the extraction of network access-control policies. Model-Driven Security Workshop, Oct 2012, Innsbruck, Austria. 2012, 〈http://mdsec2012.pst.ifi.lmu.de/accepted_papers/mdsec2012_submission_15.pdf〉. 〈hal-00734230〉
