Fault Analysis of Security Policy Implementations in Enterprise Networks

The configuration and management of security policies in enterprise networks becoming hard due to complex policy constraints of the organizations and dynamic changes in the network topologies. Typically, the organizational security policy is defined as a collection of rules for allowing/denying service accesses between various network zones. Implementation of the policy is realized in a distributed fashion through appropriate sets of access control rules (ACL) in the interface switches (Layer-3 routers) of the network. The verification of the ACL implementations with respect to the security policy is a major technical challenge to the network administrators. This is due to organizational complex security needs and presence of inconsistent hidden service access paths in the network which may in turn violate one or more policy rules implicitly. The problem becomes more complex due to changes in network topologies. In any point of time, the failure of the network interfaces (links) may change the network topology as a result alternative routing paths can be formed. Hence, the existing security implementation (distribution of ACL rules) may not conform to the policy. In this paper, a fault analysis module has been proposed over a formal verification framework which as a whole can derive a correct ACL implementation with respect to a given policy specification and can ensure that the correct implementation is fault tolerant to certain number of link failures. The basis of the fault analysis module is representing the network topology and the existing ACL implementation as a graph based network access model.