DocumentCode
26471
Title
Quantifying and Verifying Reachability for Access Controlled Networks
Author
Liu, Alex X. ; Khakpour, Amir R.
Author_Institution
Dept. of Comput. Sci. & Eng., Michigan State Univ., East Lansing, MI, USA
Volume
21
Issue
2
fYear
2013
fDate
Apr-13
Firstpage
551
Lastpage
565
Abstract
Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations [mainly Access Control Lists (ACLs)] as well as solutions for querying network reachability. We present a network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network reachability tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability matrices takes a few hours, and the online processing of a reachability query takes 0.075 s on average.
Keywords
authorisation; reachability analysis; telecommunication network management; telecommunication security; transport protocols; ACL; Quarnet; access control lists; access controlled networks; computing network reachability; connection oriented transport protocols; network management; quantifying reachability; querying network reachability; security monitoring; stateful firewalls; stateful routers; stateless firewalls; stateless routers; verifying reachability; Computational modeling; IP networks; Middleboxes; Network topology; Protocols; Routing; Security; Algorithms; configuration; network reachability;
fLanguage
English
Journal_Title
Networking, IEEE/ACM Transactions on
Publisher
ieee
ISSN
1063-6692
Type
jour
DOI
10.1109/TNET.2012.2203144
Filename
6247485
Link To Document