DocumentCode :
2197255
Title :
A Query based Formal Security Analysis Framework for Enterprise LAN
Author :
Bera, P. ; Maity, Soumya ; Ghosh, S.K. ; Dasgupta, Pallab
Author_Institution :
Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur, India
fYear :
2010
fDate :
June 29 2010-July 1 2010
Firstpage :
407
Lastpage :
414
Abstract :
The complex security constraints in present-day enterprise networks (wired or wireless LAN) demand formal analysis of the security policy configurations deployed in the network. One of the needs of a network administrator is to evaluate network service accesses through appropriate queries. The security policy is represented as a set of rules for allowing/denying various service accesses through the network and may have spatio-temporal access constraints. Role-based access control (RBAC) mechanisms can also be deployed to strengthen the security perimeter. This paper presents a query based security analysis framework for enterprise networks. It evaluates service access queries that return the set of services allowed between specified source and destination network zones under spatio-temporal RBAC (STRBAC) constraints. The framework includes (i) a distributed network security policy management system; (ii) a formal model for representing the network topology and STRBAC policy configurations; and (iii) a query processing module for analyzing the access model with various queries. The queries are evaluated through a SAT based decision procedure. The framework is applicable to both wired and wireless networks.
Keywords :
authorisation; business communication; computer network security; formal verification; local area networks; network topology; query processing; telecommunication network management; SAT based decision procedure; STRBAC policy configurations; complex security constraints; destination network zones; distributed network security policy management system; enterprise LAN; enterprise networks; formal security analysis; network administrator; network service accesses; network topology; query processing; role-based access control; security perimeter; security policy configurations; service access queries; spatio-temporal access; Access control; Analytical models; IP networks; Local area networks; Servers; Wireless networks; Access Control; Formal Method; Network Security; Wireless LAN;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
Type :
conf
DOI :
10.1109/CIT.2010.96
Filename :
5578175