• DocumentCode
    1961548
  • Title

    Improved Reachability Analysis for Security Management

  • Author

    Basile, Cataldo ; Canavese, D. ; Lioy, Antonio ; Pitscheider, C.

  • Author_Institution
    Dip. di Autom. e Inf., Politec. di Torino, Turino, Italy
  • fYear
    2013
  • fDate
    Feb. 27 2013-March 1 2013
  • Firstpage
    534
  • Lastpage
    541
  • Abstract
    Network reachability analysis evaluates the actual connectivity of an IT infrastructure. It can be performed by active network probing or examining a formal model of a target IT infrastructure. The latter approach is preferable as it does not interfere with the normal network behaviour and can be easily used during development and change management phases. In this paper we propose a novel modelling approach based on a geometric representation of device configurations (i.e. the policies) which allows the computation of the reachability analysis using the concept of equivalent firewall. An equivalent firewall is a fictitious device, ideally connected directly to the communication endpoints, that summarizes the network behaviour between them. Our model supports routing, filtering and address translation devices in a computationally effective way. In fact, the experimental results show that the computation of equivalent firewalls is performed in a negligible time and that then the reachability queries are answered in few seconds.
  • Keywords
    computer network management; firewalls; geometry; reachability analysis; telecommunication network routing; IT infrastructure; active network probing; change management phases; communication endpoints; development phases; device configurations; equivalent firewall; fictitious device; formal model; geometric representation; modelling approach; network behaviour; network filtering; network reachability analysis; network routing; normal network behaviour; reachability queries; security management; translation devices; Computational modeling; IP networks; Performance evaluation; Reachability analysis; Routing; Security; Servers; NAPT; NAT; geometric model; reachability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel, Distributed and Network-Based Processing (PDP), 2013 21st Euromicro International Conference on
  • Conference_Location
    Belfast
  • ISSN
    1066-6192
  • Print_ISBN
    978-1-4673-5321-2
  • Electronic_ISBN
    1066-6192
  • Type

    conf

  • DOI
    10.1109/PDP.2013.86
  • Filename
    6498602