Academic
Publications
Complete analysis of configuration rules to guarantee reliable network security policies

Complete analysis of configuration rules to guarantee reliable network security policies,10.1007/s10207-007-0045-7,International Journal of Informatio

Complete analysis of configuration rules to guarantee reliable network security policies   (Citations: 19)
BibTex | RIS | RefWorks Download
The use of different network security compo- nents, such as firewalls and network intrusion detection systems (NIDSs), is the dominant method to monitor and guarantee the security policy in current corporate networks. To properly configure these components, it is necessary to use several sets of security rules. Nevertheless, the existence of anomalies between those rules, particularly in distributed multi-component scenarios, is very likely to degrade the net- work security policy. The discovery and removal of these anomalies is a serious and complex problem to solve. In this paper, we present a complete set of mechanisms for such a management.
Journal: International Journal of Information Security , vol. 7, no. 2, pp. 103-122, 2008
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...Alfaro et al. [2] ont utilisé une approche similaire à Al-...

    Hicham El Khouryet al. Towards a Formal Data Flow Oriented Model for Network Security Policie...

    • ...[rfc 3198]) are such examples, a challenging problem persists: proving the deployment process to be correct with respect to some initial target security properties and ensuring that no ambiguities (e.g., inconsistencies [13]) are added within this process...
    • ...Our proposal avoids, moreover, the existence of inconsistencies derived from the deployment [13]...
    • ...case, some network security aspects (e.g., no security anomalies are introduced during the deployment of the policies [13])...
    • ...We propose a refinement process that guarantees anomaly-free configurations ([13])...
    • ...As we avoid the intra- and inter-component anomalies ([13]), there may be unaccomplished security requirements because of a deficient security device capability...

    Stere Predaet al. Model-Driven Security Policy Deployment: Property Oriented Approach

    • ...The policies in network security components are analyzed in [6, 7]. Feng Huang proposes a Description Logic based method for detecting conflicts between access control policies in [8], but the relative resolution method is not mentioned...
    • ...Current solutions only manage actual conflicts [4-6] but they are unable to resolve potential conflicts, which are the coexistence of policies that lead to some conflicts if their associated conditions are simultaneously satisfied...
    • ...Though the redundancy conflict has no influence in the enforcement of the access control policies [8], it should be paid much attention to, for the reason that a redundant policy often reflects a mistake through describing security requirements [6]...

    Yigong Wanget al. Conflicts analysis and resolution for access control policies

    • ...Recently, policy anomaly detection has received a great deal of attention [5, 6, 8, 9, 29]...
    • ...However, FIREMAN also has limitations in detecting anomalies [8]...
    • ...There exist a number of algorithms and tools designed to assist system administrators in managing and analyzing firewall policies [5, 6, 8, 9, 20, 29]...

    Hongxin Huet al. FAME: a firewall anomaly management environment

    • ...Many algorithms with these goals have been proposed earlier [5, 6, 10]...
    • ...The result of the identification part of the process can be used to automatically correct the ACL using schemas such as the one proposed in [6]...
    • ...Several algorithms with different complexities can be used to give a minimal diagnosis [5, 6, 15]...
    • ...García-Alfaro et al [6], where they integrated the decorrelation, consistency diagnosis, and characterization algorithms (including redundancy) of Al-Shaer, proposal plus an automatic ACL correction, in only one step...

    Sergio Pozoet al. A Quadratic, Complete, and Minimal Consistency Diagnosis Process for F...

Sort by: