Reliable Process for Security Policy Deployment

Authors: Joaquin Garcia-Alfaro, Frederic Cuppens, Laurent Toutain, Stere Preda, Nora Cuppens-Boulahia

Abstract: We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the requirements of a given system by using an expressive access control model. As a result, we obtain an abstract policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy this policy through a set of automatic compilations into the devices of the system. This proposed deployment process not only simplifies the administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.
