Title :
Verification of security policy filtering rules by Model Checking
Author :
Kotenko, Igor ; Polubelova, Olga
Author_Institution :
St. Petersburg Inst. for Inf. & Autom. of Russian Acad. of Sci. (SPIIRAS), St. Petersburg, Russia
Abstract :
One of the very important tasks, a computer network (or security) administrator has to fulfill under constructing a (distributed) firewall security policy, is to guarantee the absence of inconsistencies (or anomalies) and possibility to implement the policy in the given network configuration. The paper outlines an approach to verification of filtering rules of firewalls. The approach is intended for detection and resolution of filtering anomalies in the specification of security policy of computer networks. It is based on Model Checking technique. The paper proposes the models of computer networks, the models of firewalls and filtering anomalies, as well as an algorithm of detection of such anomalies. We suggest also a method for verification of filtering rules based on the mentioned models. The main peculiarities of the approach consist in using Model Checking exactly to detect the anomalies of filtering rules and in ability to specify temporal parameters in filtering rules.
Keywords :
authorisation; computer network security; formal verification; anomalies detection; computer networks; firewall security policy; model checking; network configuration; security policy filtering rules; verification; Computational modeling; Computer networks; Data models; Filtering; Fires; Security; Unified modeling language; anomalies of filtering rules; model checking; network security; verification;
Conference_Titel :
Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2011 IEEE 6th International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4577-1426-9
DOI :
10.1109/IDAACS.2011.6072862
