  • DocumentCode
    2759388
  • Title
    A generic data flow security model
  • Author
    Hicham, El Khoury ; Romain, Laborde ; François, Barrère ; Abdelmalek, Benzekri ; Maroun, Chamoun
  • Author_Institution
    IRIT, Univ. Paul Sabatier, Toulouse, France
  • fYear
    2011
  • fDate
    Oct. 31 2011-Nov. 1 2011
  • Firstpage
    1
  • Lastpage
    2
  • Abstract
    Network security policy enforcement consists in configuring heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc.) that are available in a given network environment. The complexity of this task resides in the number, the nature, and the interdependence of the mechanisms. We propose in this paper a formal data flow model focused on detecting multi-layer inconsistencies between security mechanisms. This model is independent from specific security mechanisms to admit the security technology diversity and evolution.
  • Keywords
    IP networks; computer network security; internetworking; ACL; IPsec gateways; formal data flow model; generic data flow security model; heterogeneous security mechanisms; multilayer inconsistency detection; network security policy enforcement; proxies; routers; security technology diversity; stateful firewalls; technology evolution; Cryptography; Data models; Fires; IP networks; Logic gates; Protocols; data flow modeling; network security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Configuration Analytics and Automation (SAFECONFIG), 2011 4th Symposium on
  • Conference_Location
    Arlington, VA
  • Print_ISBN
    978-1-4673-0401-6
  • Electronic_ISBN
    978-1-4673-0400-9
  • Type
    conf
  • DOI
    10.1109/SafeConfig.2011.6111671
  • Filename
    6111671