Classification and Analysis of Communication Protection Policy Anomalies
Fulvio Valenza, Cataldo Basile, Daniele Canavese, Antonio Lioy

TL;DR
This paper classifies communication protection policy anomalies, introduces a new inter-technology anomaly category, and proposes a formal logic-based model for detecting and resolving these anomalies efficiently.
Contribution
It introduces a novel inter-technology anomaly category and a formal logic model for anomaly detection and resolution in communication protection policies.
Findings
Empirical assessment confirms the significance of detecting inter-technology anomalies.
The formal model effectively analyzes network topology and security controls.
Implementation demonstrates good scalability and performance.
Abstract
This paper presents a classification of the anomalies that can appear when designing or implementing communication protection policies. Together with the already known intra- and inter-policy anomaly types, we introduce a novel category, the inter-technology anomalies, related to security controls implementing different technologies, both within the same network node and among different network nodes. Through an empirical assessment, we prove the practical significance of detecting this new anomaly class. Furthermore, this paper introduces a formal model, based on first-order logic rules, that analyses the network topology and the security controls at each node to identify the detected anomalies and suggest the strategies to resolve them. This formal model has manageable computational complexity and its implementation has shown excellent performance and good scalability.
