Symbolic analysis of network security policies using rewrite systems

Tony Bourdier¹, Horatiu Cirstea¹
¹ PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: First designed to enable private networks to be opened up to the outside world in a secure way, firewalls have become indispensable for controlling information flow within a company as organizations grow in complexity. Their central role in the security of an organization's information makes their management a critical task, which is why for years many works have focused on checking and analyzing firewalls. The composition of firewalls, taking into account routing rules, has nevertheless often been neglected. In this paper, we propose to specify all components of a firewall, i.e., filtering and translation rules, as a rewrite system. We show that such specifications allow us to handle usual problems such as comparison, structural analysis and query analysis. We also propose a formal way to describe the composition of firewalls (including routing) in order to build a whole network security policy. The properties of the resulting rewrite system are strongly related to the properties of the specified networks, and thus classical theoretical and practical tools can be used to obtain relevant security properties of the security policies.
Document type:
Conference paper
Symposium on Principles and Practices of Declarative Programming, Jul 2011, Odense, Denmark. ACM, pp.77-88, 2011, 〈http://portal.acm.org/citation.cfm?id=2003489&CFID=37282707&CFTOKEN=28592488〉. 〈10.1145/2003476.2003489〉

Cited literature: 27 references

https://hal.inria.fr/inria-00567858
Contributor: Tony Bourdier
Submitted on: Wednesday, April 20, 2011 - 09:14:38
Last modified on: Thursday, January 11, 2018 - 06:22:10
Document(s) archived on: Thursday, November 8, 2012 - 16:55:15

File

ppdp11.pdf
Files produced by the author(s)

Citation

Tony Bourdier, Horatiu Cirstea. Symbolic analysis of network security policies using rewrite systems. Symposium on Principles and Practices of Declarative Programming, Jul 2011, Odense, Denmark. ACM, pp.77-88, 2011, 〈http://portal.acm.org/citation.cfm?id=2003489&CFID=37282707&CFTOKEN=28592488〉. 〈10.1145/2003476.2003489〉. 〈inria-00567858v2〉

Metrics

Record views: 199

File downloads: 143