Skip to Main content Skip to Navigation
Conference papers

Model-Driven Extraction and Analysis of Network Security Policies

Abstract : Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. Unfortunately, discovering such enforced policy is an error-prone and time consuming task that requires low-level and, often, vendor-specific expertise since firewalls may be configured using different languages and conform to a complex network topology. To tackle this problem, we propose a model-driven reverse engineering approach able to extract the security policy implemented by a set of firewalls in a working network, easing the understanding, analysis and evolution of network security policies.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/hal-00869319
Contributor : Salvador Martínez <>
Submitted on : Wednesday, October 2, 2013 - 11:36:30 PM
Last modification on : Friday, May 7, 2021 - 4:58:04 PM

Identifiers

  • HAL Id : hal-00869319, version 1

Citation

Salvador Martinez Perez, García-Alfaro Joaquin, Cuppens Frédéric, Nora Cuppens-Boulahia, Jordi Cabot. Model-Driven Extraction and Analysis of Network Security Policies. Model-Driven Engineering Languages and Systems - 16th International Conference, MODELS 2013, Sep 2013, Miami, United States. pp.52-68. ⟨hal-00869319⟩

Share

Metrics

Record views

724