Conference papers

Amélioration de la sécurité des grands réseaux par une infrastructure de méta-politique

Abstract : This paper presents a novel approach in which distributed nodes participating in a common infrastructure can modify a Mandatory Access Control policy in a distributed way, without any central component. The approach has been designed with the security of large shared networks in mind, such as securing distributed stations connected to the Internet. Local modification enables a node first to adapt its configuration to the application that has to be deployed on that node, and second to react to specific attacks that are detected locally. Moreover, a local approach provides better fault tolerance, since the policy update does not rely on a central component. The general idea is to have a common shared policy that includes protection rules plus modification rules. A modification rule enables a node first to modify existing protection rules and second to add new types, roles and users to the system in order to define new rules. A modification rule also provides the ability to remove types, roles and users from the protection rules. Our approach is thus to have a meta-control supporting the distributed evolution of local protection rules. This approach is developed as a joint research project with INRIA and FT R&D, called ACI SATIN, where verification techniques will be proposed to verify that the distributed modifications cannot violate the required security properties.
Document type :
Conference papers

https://hal.archives-ouvertes.fr/hal-00083402
Contributor : Mathieu Blanc
Submitted on : Friday, June 30, 2006 - 1:22:56 PM
Last modification on : Thursday, March 5, 2020 - 1:36:41 AM

Identifiers

  • HAL Id : hal-00083402, version 1

Citation

Mathieu Blanc, Patrice Clemente, Pierre Courtieu, Stéphane Franche, Laurent Oudot, et al. Amélioration de la sécurité des grands réseaux par une infrastructure de méta-politique. 11ème Colloque Francophone sur l'Ingénierie des Protocoles (CFIP'2005), Mar 2005, Bordeaux, France. pp.517-530. ⟨hal-00083402⟩
