Title :
Quantifying and Verifying Reachability for Access Controlled Networks
Author :
Liu, Alex X. ; Khakpour, Amir R.
Author_Institution :
Dept. of Comput. Sci. & Eng., Michigan State Univ., East Lansing, MI, USA
Abstract :
Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations [mainly Access Control Lists (ACLs)] as well as solutions for querying network reachability. We present a network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network reachability tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability matrices takes a few hours, and the online processing of a reachability query takes 0.075 s on average.
Keywords :
authorisation; reachability analysis; telecommunication network management; telecommunication security; transport protocols; ACL; Quarnet; access control lists; access controlled networks; computing network reachability; connection oriented transport protocols; network management; quantifying reachability; querying network reachability; security monitoring; stateful firewalls; stateful routers; stateless firewalls; stateless routers; verifying reachability; Computational modeling; IP networks; Middleboxes; Network topology; Protocols; Routing; Security; Algorithms; configuration; network reachability;
Journal_Title :
Networking, IEEE/ACM Transactions on
DOI :
10.1109/TNET.2012.2203144
