DocumentCode :
3433776
Title :
Quantifying and Querying Network Reachability
Author :
Khakpour, Amir R. ; Liu, Alex X.
Author_Institution :
Dept. of Comput. Sci. & Eng., Michigan State Univ., East Lansing, MI, USA
fYear :
2010
fDate :
21-25 June 2010
Firstpage :
817
Lastpage :
826
Abstract :
Quantifying and querying network reachability is important for security monitoring and auditing as well as many aspects of network management such as troubleshooting, maintenance, and design. Although attempts to model network reachability have been made, feasible solutions to computing network reachability have remained unknown. In this paper, we propose a suite of algorithms for quantifying reachability based on network configurations (mainly ACLs) as well as solutions for querying network reachability. We present a comprehensive network reachability model that considers connectionless and connection-oriented transport protocols, stateless and stateful routers/firewalls, static and dynamic NAT, PAT, etc. We implemented the algorithms in our network reachability analysis tool called Quarnet and conducted experiments on a university network. Experimental results show that the offline computation of reachability matrices takes a few hours and the online processing of a reachability query takes 0.075 seconds on average.
Keywords :
authorisation; computer network security; graph theory; matrix algebra; query processing; reachability analysis; Quarnet; access control lists; computing network reachability; connection oriented transport protocols; network management; network reachability quantification; network reachability query; online query processing; reachability matrix computation; security auditing; security monitoring; stateful firewalls; stateful routers; stateless firewalls; stateless routers; university network; Access control; Computer network management; Computer networks; Computer security; Debugging; Network address translation; Privacy; Reachability analysis; Routing; Telecommunication traffic; Access control lists; Network Access Control; Network Reachability; firewalls; network configuration;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Distributed Computing Systems (ICDCS), 2010 IEEE 30th International Conference on
Conference_Location :
Genova
ISSN :
1063-6927
Print_ISBN :
978-1-4244-7261-1
Type :
conf
DOI :
10.1109/ICDCS.2010.15
Filename :
5541621