Title :
A specification method for analyzing fine grained network security mechanism configurations
Author :
Hicham, El Khoury ; Romain, Laborde ; Francois, B. ; Abdelmalek, Benzekri ; Maroun, Chamoun
Author_Institution :
IRIT, Univ. Paul Sabatier, Toulouse, France
Abstract :
Rapid evolution, heterogeneity, interdependence between equipment, and many other factors make network security analysis highly complex. Although several approaches have proposed different analysis tools, achieving this task requires experienced and proficient security administrators who can handle all these parameters. The challenge is not to propose a temporary solution but to offer a building block for this large domain, though no approach can be optimal for all tasks. In previous papers, we proposed a novel formal model of equipment configuration, built on a data flow attribute-based approach, to detect network security conflicts. In this paper, we extend the previously proposed model to make it more generic by proving it can handle microscopic analysis. We define a formal analysis method for network security mechanisms. Therefore, we specify our approach in Colored Petri Networks to automate the conflict analysis and test it on a fine-grained firewall scenario.
Keywords :
Petri nets; data flow analysis; formal specification; telecommunication security; colored Petri networks; conflicts analysis; data flow attribute based approach; equipment configuration; fine grained network security mechanism configurations; formal analysis method; microscopic analysis; security administrators; specification method; Data models; IP networks; Image color analysis; Ports (Computers); Protocols; Routing; Security; Colored Petri Nets; conflict detection; formal specification; security; security configurations;
Conference_Title :
Communications and Network Security (CNS), 2013 IEEE Conference on
Conference_Location :
National Harbor, MD
DOI :
10.1109/CNS.2013.6682764