Digitale Bibliotheek
Sluiten Bladeren door artikelen uit een tijdschrift
 
<< vorige    volgende >>
     Tijdschrift beschrijving
       Alle jaargangen van het bijbehorende tijdschrift
         Alle afleveringen van het bijbehorende jaargang
           Alle artikelen van de bijbehorende aflevering
                                       Details van artikel 6 van 10 gevonden artikelen
 
 
  FORMAL ANALYSIS OF SECURITY POLICY IMPLEMENTATIONS IN ENTERPRISE NETWORKS
 
 
Titel: FORMAL ANALYSIS OF SECURITY POLICY IMPLEMENTATIONS IN ENTERPRISE NETWORKS
Auteur: P Bera
Pallab Dasgupta
S K Ghosh
Verschenen in: International journal of computer networks & communications
Paginering: Jaargang 1 (2009) nr. 2 pagina's 56-73
Jaar: 2009
Inhoud: The management of security, operations and services in large scale enterprise networks is becomingmore difficult due to complex security policies of the organizations and also due to dynamic changes innetwork topologies. Typically, the global security policy of an enterprise network is implemented in adistributed fashion through appropriate sets of access control rules (ACL rules) across various interfaceswitches (layer 3 switches) in the network. In such networks, verification of the ACL implementationswith respect to the security policies is a major technical challenge to the network administrators. This isdifficult to achieve manually, because of the complex policy constraints (temporal access constraints)and the presence of hidden access paths in the network which may in turn violate one or more policyrules implicitly. The inconsistent hidden access paths may be formed due to transitive relationshipsbetween implemented service access paths in the network. Moreover, the complexity of the problem iscompounded due to dynamic changes in network topologies. In any point of time, the failure of thenetwork interfaces or links may change the network topology as a result alternative routing paths can beformed for forwarding various service packets. Hence, the existing security implementation (distributionof ACL rules) may not satisfy the policies. In this paper, a fault analysis module is incorporated alongwith the verification framework which as a whole can derive a correct ACL implementation with respectto a given security policy specification and can ensure that a correct security implementation is faulttolerant to certain number of link failures. The verification module can find the correct securityimplementation and the fault analysis module can find the number of link failures the existing securityimplementation can tolerate and still satisfy the security policy of the network.
Uitgever: Academy & Industry Research Collaboration Center (provided by DOAJ)
Bronbestand: Elektronische Wetenschappelijke Tijdschriften
 
 

                             Details van artikel 6 van 10 gevonden artikelen
 
<< vorige    volgende >>
 
 Koninklijke Bibliotheek - Nationale Bibliotheek van Nederland