Synthesizing optimal security configurations for enterprise networks : a formal approach

Author

Majhi, S.K. ; Bera, P. ; Kumar, S. ; Al-Shaer, Ehab ; Satpathy, M.

Author_Institution

Indian Inst. of Technol., Bhubaneswar, Bhubaneswar, India

fYear

2014

Firstpage

1

Lastpage

7

Abstract

In this paper, we present NetSecSlider, an automated framework for synthesizing network configurations exploring various security and safety design alternatives. The design alternatives include distribution of different level of isolations (firewall, IPSec, etc.) and safety enforcement process (e.g. tampering of network flow) in the network. NetSecSlider takes the network topology, organizational security and safety requirements and business constraints as input, and synthesizes a correct and optimal security configuration. Finally, it determines the optimal placement of enabling devices in the network. The framework uses (i) a SMT solver for finding the correct and optimal security configuration and (ii) a method for determining the optimal placement of devices. The framework is evaluated on different networks with varying security and safety requirements.

Keywords

security of data; NetSecSlider; automated framework; business constraints; enterprise networks; formal approach; network configuration synthesis; network topology; optimal security configuration; organizational security; safety enforcement process; safety requirements; synthesizing optimal security configurations;

fLanguage

English

Publisher

iet

Conference_Titel

System Safety and Cyber Security (2014), ??????9th IET International Conference on

Print_ISBN

978-1-84919-940-7

Type

conf

Filename

7111732