Reliable Process for Security Policy Deployment
Stere Preda, Nora Cuppens-Boulahia, Frederic Cuppens, Joaquin, Garcia-Alfaro, and Laurent Toutain
TL;DR
This paper presents a formal, automated approach for deploying security policies to network devices, ensuring consistency and reducing administrator workload.
Contribution
It introduces a method to formally specify security requirements and automatically compile them into device configurations, improving reliability and clarity.
Findings
Formal specification of security policies reduces ambiguities.
Automated deployment guarantees anomaly-free configurations.
Simplifies security management process.
Abstract
We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This proposed deployment process not only simplifies the security administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Packet Processing and Optimization · Access Control and Trust · Mobile Agent-Based Network Management