A formal approach for network security policy relevancy checking


Abstract

Security components such as firewalls, IDS and IPS are the mainstay and the most widely adopted technology for protecting networks. These security components are configured according to a global security policy. An error in a security policy either creates security holes that allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which, in turn, could lead to irreparable consequences. It has been observed that most security policies on the Internet are poorly designed and have many misconfigurations. In this paper, we propose a formal four-step process to specify, verify and correct the security policy using the decision tree formalism. First, we define the security policy specifications and write them in a natural language. Second, the security policy is translated into a formal language. Third, we verify the correctness of the security policy. If the policy is plagued with anomalies, we correct it in the last step.


Ben Ftima, F., Karoui, K., & Ben Ghezala, H. (2017). A formal approach for network security policy relevancy checking. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10394 LNCS, pp. 555–564). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_42
