By Topic

A Model for Specification and Validation of Security Policies in Communication Networks: The Firewall Case

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Ryma Abbassi ; CN&S Res. Lab., Univ. of November 7th at Carthage, Carthage ; Sihem Guemara El Fatmi

A security policy constitutes one of the major actors in the protection of communication networks. For this, and in order to manage the access grants in accordance with the security constraints, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the well founded of such security policies. This paper proposes a validation framework for security policies where: (1) executable specifications are used to build an 'Executable Security Policy', (2) a validation model is proposed to support the validation activity, and (3) a validation of the executable security policy is performed. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph. All the definitions made in this paper have been proposed in accordance with the firewall case.

Published in:

Availability, Reliability and Security, 2008. ARES 08. Third International Conference on

Date of Conference:

4-7 March 2008