Conference papers

Hardening large-scale networks security through a meta-policy framework

Abstract: This paper presents a novel approach in which distributed nodes participating in a common infrastructure can modify a Mandatory Access Control policy in a distributed way, without any central component. The approach is intended for the security of large shared networks, such as securing distributed stations connected to the Internet. Local modification enables a node, first, to adapt its configuration to the application that has to be deployed on that node and, second, to react to specific attacks that are detected locally. Moreover, a local approach provides better fault tolerance, since the policy update does not rely on a central component. The general idea is to have a common shared policy that includes protection rules plus modification rules. A modification rule enables a node, first, to modify existing protection rules and, second, to add new types, roles and users to the system in order to define new rules. A modification rule also provides the ability to remove types, roles and users from the protection rules. Our approach is thus to have a metacontrol supporting distributed evolutions of local protection rules. This approach is developed as a joint research project with INRIA and FT R&D, called ACI SATIN, in which verification techniques will be proposed to verify that the distributed modifications cannot violate the required security properties.
Contributor: Mathieu Blanc
Submitted on: Friday, June 30, 2006 - 1:11:29 PM
Last modification on: Thursday, March 5, 2020 - 1:36:41 AM


  • HAL Id: hal-00083400, version 1


Mathieu Blanc, Patrice Clemente, Pierre Courtieu, Stéphane Franche, Laurent Oudot, et al. Hardening large-scale networks security through a meta-policy framework. 3rd Workshop on the Internet, Telecommunications and Signal Processing (WITSP'04), Dec 2004, Adelaïde, Australia. pp.132-137. ⟨hal-00083400⟩



