Skip to Main content Skip to Navigation
Conference papers

A model-driven approach for the extraction of network access-control policies

Salvador Martínez 1 García-Alfaro Joaquin 2, 3 Cuppens Frédéric 2, 3 Nora Cuppens-Boulahia 2, 3 Jordi Cabot 1 
1 ATLANMOD - Modeling Technologies for Software Production, Operation, and Evolution
LINA - Laboratoire d'Informatique de Nantes Atlantique, Département informatique - EMN, Inria Rennes – Bretagne Atlantique
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract : Network security constitutes a critical concern when developing and maintaining nowadays corporate information systems. Firewalls are a key element of network security by filtering the traffic of the network in compliance with a number of access control rules that enforce a given security policy. Unfortunately, once implemented, and due to the complexity of firewall configuration languages and the underlying network topology, knowing which security policy is actually being enforced by the network system is a complex and time consuming task that requires low-level and, often, vendor- specific expertise. In an always-evolving context, where security policies are often updated to respond to new security requirements, this discovery phase becomes critical since it could hamper the proper evolution of the system and compromise its security. To tackle this problem, our approach generates an abstract model of the firewall configurations in a network that facilitates the understanding and evolution of network security policies.
Document type :
Conference papers
Complete list of metadata
Contributor : Salvador Martínez Connect in order to contact the contributor
Submitted on : Friday, September 21, 2012 - 10:29:01 AM
Last modification on : Wednesday, April 27, 2022 - 4:16:39 AM


  • HAL Id : hal-00734230, version 1


Salvador Martínez, García-Alfaro Joaquin, Cuppens Frédéric, Nora Cuppens-Boulahia, Jordi Cabot. A model-driven approach for the extraction of network access-control policies. Model-Driven Security Workshop, Nora Koch, Alexander Knapp, Geri Georg, Marina Egea, Benoit Baudry, Oct 2012, Innsbruck, Austria. ⟨hal-00734230⟩



Record views