Cart (Loading....) | Create Account
Close category search window
 

Policy Based Security Analysis in Enterprise Networks: A Formal Approach

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Bera, P. ; Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur, India ; Ghosh, S.K. ; Dasgupta, P.

In a typical enterprise network, there are several sub-networks or network zones corresponding to different departments or sections of the organization. These zones are interconnected through set of Layer-3 network devices (or routers). The service accesses within the zones and also with the external network (e.g., Internet) are usually governed by a enterprise-wide security policy. This policy is implemented through appropriate set of access control lists (ACL rules) distributed across various network interfaces of the enterprise network. Such networks faces two major security challenges, (i) conflict free representation of the security policy, and (ii) correct implementation of the policy through distributed ACL rules. This work presents a formal verification framework to analyze the security implementations in an enterprise network with respect to the organizational security policy. It generates conflict-free policy model from the enterprise-wide security policy and then formally verifies the distributed ACL implementations with respect to the conflict-free policy model. The complexity in the verification process arises from extensive use of temporal service access rules and presence of hidden service access paths in the networks. The proposed framework incorporates formal modeling of conflict-free policy specification and distributed ACL implementation in the network and finally deploys Boolean satisfiability (SAT) based verification procedure to check the conformation between the policy and implementation models.

Published in:

Network and Service Management, IEEE Transactions on  (Volume:7 ,  Issue: 4 )

Date of Publication:

December 2010

Need Help?


IEEE Advancing Technology for Humanity About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2014 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.