Title :
A Model for Specification and Validation of Security Policies in Communication Networks: The Firewall Case
Author :
Abassi, Ryma ; El Fatmi, Sihem Guemara
Author_Institution :
CN&S Res. Lab., Univ. of November 7th at Carthage, Carthage
Abstract :
A security policy constitutes one of the major actors in the protection of communication networks. For this, and in order to manage the access grants in accordance with the security constraints, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the well founded of such security policies. This paper proposes a validation framework for security policies where: (1) executable specifications are used to build an ´Executable Security Policy´, (2) a validation model is proposed to support the validation activity, and (3) a validation of the executable security policy is performed. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph. All the definitions made in this paper have been proposed in accordance with the firewall case.
Keywords :
authorisation; formal specification; reachability analysis; telecommunication networks; telecommunication security; communication networks; executable specification; firewall; reachability graph; security policies; software engineering; validation framework; Availability; Communication networks; Electronic mail; Mathematical model; Mathematics; Protection; Roentgenium; Security; Software engineering; Telecommunication network reliability;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.124
