Multi-Constraint Security Policies for Delegated Firewall Administration

Cassio Ditzel Kropiwiec, Edgard Jamhour, Manoel Camillo De Oliveira Penna Neto, Guy Pujolle 1
1 Phare
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract: This work presents a new approach to policy representation of network security. It introduces a high-level language, where the security policies can be expressed by three policy models: mandatory, discretionary and security property. The proposed framework is capable of handling all three dimensions and of generating the permissions from an abstract representation that is independent of how they are enforced, without violating the requirements of high-level security. Each dimension can be defined by people with different roles; for example, rules of the mandatory model and of the security property model could be attributed to the personnel of risk management, while rules of the discretionary model can be delegated among the network administrators in various departments of the organization. This work also presents a mechanism to represent the features implemented by different firewall models and a mechanism for translating the abstract representation into the scripts to configure the firewalls. A formal specification of the policy model validates the refinement algorithm and a study of scalability is presented to demonstrate how the algorithm behaves in large networks.
Document type: Journal article
International Journal of Network Management, Wiley, 2011, 21 (6), pp.469-493. 〈10.1002/nem.774〉

https://hal.archives-ouvertes.fr/hal-01167813
Contributor: Lip6 Publications
Submitted on: Wednesday, 24 June 2015 - 17:29:30
Last modified on: Thursday, 21 March 2019 - 13:11:16

Citation

Cassio Ditzel Kropiwiec, Edgard Jamhour, Manoel Camillo De Oliveira Penna Neto, Guy Pujolle. Multi-Constraint Security Policies for Delegated Firewall Administration. International Journal of Network Management, Wiley, 2011, 21 (6), pp.469-493. 〈10.1002/nem.774〉. 〈hal-01167813〉
