Security components such as firewalls, IDS and IPS, are the mainstay and the most widely adopted technology for protecting networks. These security components are configured according to a global security policy. An error in a security policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which, in turn, could lead to irreparable consequences. It has been observed that most security policies on the Internet are poorly designed and have many misconfigurations. In this paper, we propose a formal process to specify, verify and correct the security policy using the decision tree formalism, which consists of four steps. First, we define the security policy specifications and write it in a natural language. Second, the security policy will be translated into a formal language. Third, we verify the security policy correctness. If this latter is plugged with anomalies, we correct it in the last step.
CITATION STYLE
Ben Ftima, F., Karoui, K., & Ben Ghezala, H. (2017). A formal approach for network security policy relevancy checking. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10394 LNCS, pp. 555–564). Springer Verlag. https://doi.org/10.1007/978-3-319-64701-2_42
Mendeley helps you to discover research relevant for your work.