Model-Driven Extraction and Analysis of Network Security Policies

Abstract : Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. Unfortunately, discovering such enforced policy is an error-prone and time consuming task that requires low-level and, often, vendor-specific expertise since firewalls may be configured using different languages and conform to a complex network topology. To tackle this problem, we propose a model-driven reverse engineering approach able to extract the security policy implemented by a set of firewalls in a working network, easing the understanding, analysis and evolution of network security policies.
Type de document :
Communication dans un congrès
Model-Driven Engineering Languages and Systems - 16th International Conference, MODELS 2013, Sep 2013, Miami, United States. 8107, pp.52-68, 2013, LNCS (Lecture Notes in Computer Science). 〈http://dx.doi.org/10.1007/978-3-642-41533-3_4〉
Liste complète des métadonnées

https://hal.inria.fr/hal-00869319
Contributeur : Salvador Martínez Pérez <>
Soumis le : mercredi 2 octobre 2013 - 23:36:30
Dernière modification le : mercredi 11 juillet 2018 - 07:50:23

Identifiants

  • HAL Id : hal-00869319, version 1

Citation

Salvador Martínez Pérez, García-Alfaro Joaquin, Cuppens Frédéric, Cuppens-Boulahia Nora, Jordi Cabot. Model-Driven Extraction and Analysis of Network Security Policies. Model-Driven Engineering Languages and Systems - 16th International Conference, MODELS 2013, Sep 2013, Miami, United States. 8107, pp.52-68, 2013, LNCS (Lecture Notes in Computer Science). 〈http://dx.doi.org/10.1007/978-3-642-41533-3_4〉. 〈hal-00869319〉

Partager

Métriques

Consultations de la notice

417