Skip to Main content Skip to Navigation
Conference papers

Model-Driven Extraction and Analysis of Network Security Policies

Abstract : Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. Unfortunately, discovering such enforced policy is an error-prone and time consuming task that requires low-level and, often, vendor-specific expertise since firewalls may be configured using different languages and conform to a complex network topology. To tackle this problem, we propose a model-driven reverse engineering approach able to extract the security policy implemented by a set of firewalls in a working network, easing the understanding, analysis and evolution of network security policies.
Document type :
Conference papers
Complete list of metadata
Contributor : Salvador Martínez Connect in order to contact the contributor
Submitted on : Wednesday, October 2, 2013 - 11:36:30 PM
Last modification on : Wednesday, April 27, 2022 - 3:56:26 AM


  • HAL Id : hal-00869319, version 1


Salvador Martinez Perez, García-Alfaro Joaquin, Cuppens Frédéric, Nora Cuppens-Boulahia, Jordi Cabot. Model-Driven Extraction and Analysis of Network Security Policies. Model-Driven Engineering Languages and Systems - 16th International Conference, MODELS 2013, Sep 2013, Miami, United States. pp.52-68. ⟨hal-00869319⟩



Record views