DocumentCode :
2310074
Title :
Policy Based ACL Configuration Synthesis in Enterprise Networks: A Formal Approach
Author :
Maity, Somnath ; Bera, P. ; Ghosh, Soumya K.
Author_Institution :
Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur, Kharagpur, India
fYear :
2012
fDate :
19-22 Dec. 2012
Firstpage :
314
Lastpage :
318
Abstract :
Due to the extensive use of network services and applications, most enterprise networks today deploy policy-based security devices (e.g. routers, firewalls, IPSec gateways) to control access to network resources according to the organizational security policy. The organizational network security policy is becoming more fine-grained, with access control list (ACL) configuration depending on constraints such as service priority, time and location. The major challenge network administrators face today is determining the correct access control configurations that satisfy the organizational policy. Over the last two decades, a significant amount of research has gone into formally verifying the correctness and consistency of access control policy configurations in enterprise networks. However, this bottom-up analysis may not be useful for large-scale networks because of its high state-space requirement. In addition, it requires repairing sequences of misconfigurations iteratively to meet a specific requirement. This paper presents a framework for synthesizing a correct and conflict-free ACL configuration model, given the global organizational security policy and the underlying network topology. The framework has two major functions: (i) deriving the conflict-free model of the organizational security policy, and (ii) extracting the correct ACL distributions for the network. The framework formally models the organizational security policy and generates the conflict-free policy model by resolving the policy rule conflicts. The ACL model is then extracted from the conflict-free policy model and the underlying network topology. The efficacy of the proposed framework is demonstrated through a case study.
Keywords :
authorisation; computer network security; access control list; conflict-free ACL configuration model; enterprise network; formal approach; global organizational security policy; large scale network; network topology; organizational network security policy; policy based ACL configuration synthesis; policy based security device; policy rule conflict; state-space requirement; Access Control List; Formal Model; Policy Enforcement;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Electronic System Design (ISED), 2012 International Symposium on
Conference_Location :
Kolkata
Print_ISBN :
978-1-4673-4704-4
Type :
conf
DOI :
10.1109/ISED.2012.72
Filename :
6526608