Title :
Towards an automated firewall security policies validation process
Author :
Abassi, Ryma ; Fatmi, Sihem Guemara El
Author_Institution :
High Sch. of Commun., Univ. of November 7th at Carthage, Carthage
Abstract :
A security policy constitutes one of the major actors in the protection of communication networks. However, it can be one of their weaknesses if it is inadequate according to the network security requirements. For this, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the well founded of such security policies. This paper proposes a validation framework for security policies based on the concept of executable specifications and applied to the firewall case. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph.
Keywords :
computer networks; formal specification; telecommunication computing; telecommunication security; automated firewall security policy validation; communication network protection; executable specification; network security requirement; Access control; Communication networks; Communication system security; Formal specifications; IP networks; Information security; Information systems; Proposals; Protection; Software engineering;
Conference_Titel :
Risks and Security of Internet and Systems, 2008. CRiSIS '08. Third International Conference on
Conference_Location :
Tozeur
Print_ISBN :
978-1-4244-3309-4
DOI :
10.1109/CRISIS.2008.4757489
