DocumentCode :
2777743
Title :
Systematic Deployment of Network Security Policy in Centralized and Distributed Firewalls
Author :
Ben Youssef, Nihel Ben Souayeh ; Bouhoula, Adel
Author_Institution :
Higher Sch. of Commun. of Tunis (Sup'Com), Univ. of Carthage, Tunis, Tunisia
fYear :
2011
fDate :
9-11 Oct. 2011
Firstpage :
1214
Lastpage :
1219
Abstract :
Firewalls are the most widely adopted technology for protecting private networks. However, most firewalls on the Internet have been plagued with policy errors. An important source of errors stems from the lack of automatic tools ensuring a correct deployment of a network security policy, expressed in a high-level language, into firewall configurations. In this paper, we propose a formal and automatic method for deploying a security policy, written in an expressive language, into both centralized and distributed firewall configurations. Furthermore, our method verifies that no incoherences exist within the security policy. When inconsistencies are detected, the usual feedback returned permits us to propose a discrepancy resolution approach. Moreover, we propose an approach for optimizing the security policy. The correctness of our method is proved. Finally, it has been implemented in a prototype. The first results are very promising.
Keywords :
authorisation; computer network security; distributed processing; formal verification; optimisation; Internet; automatic method; centralized firewall configuration; discrepancy resolution approach; distributed firewall configuration; expressive language; formal method; inconsistency detection; private networks; security network policy; Coherence; Fires; Optimization; Redundancy; Security; Semantics; Servers; SMT solver; centralized and distributed firewall configuration; computer security; formal verification; network security policy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third International Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
Type :
conf
DOI :
10.1109/PASSAT/SocialCom.2011.92
Filename :
6113284