Title :
A generic data flow security model
Author :
Hicham, El Khoury ; Romain, Laborde ; François, Barrère ; Abdelmalek, Benzekri ; Maroun, Chamoun
Author_Institution :
IRIT, Univ. Paul Sabatier, Toulouse, France
Date :
Oct. 31 2011-Nov. 1 2011
Abstract :
Network security policy enforcement consists of configuring the heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc.) that are available in a given network environment. The complexity of this task lies in the number, the nature, and the interdependence of the mechanisms. In this paper we propose a formal data flow model focused on detecting multi-layer inconsistencies between security mechanisms. The model is independent of specific security mechanisms, so that it accommodates the diversity and evolution of security technologies.
Keywords :
IP networks; computer network security; internetworking; ACL; IPsec gateways; formal data flow model; generic data flow security model; heterogeneous security mechanisms; multilayer inconsistency detection; network security policy enforcement; proxies; routers; security technology diversity; stateful firewalls; technology evolution; Cryptography; Data models; Fires; IP networks; Logic gates; Protocols; data flow modeling; network security;
Conference_Title :
Configuration Analytics and Automation (SAFECONFIG), 2011 4th Symposium on
Conference_Location :
Arlington, VA
Print_ISBN :
978-1-4673-0401-6
Electronic_ISBN :
978-1-4673-0400-9
DOI :
10.1109/SafeConfig.2011.6111671