Title :
A Verification framework for Analyzing Security Implementations in an Enterprise LAN
Author :
Bera, P. ; Dasgupta, Pallab ; Ghosh, Soumya K.
Author_Institution :
Sch. of Inf. Technol., Indian Inst. of Technol., Kharagpur
Abstract :
In a typical local area network (LAN), the global security policies, often defined in abstract form, are implemented through a set of access control rules (ACL) placed in a distributed fashion to the access switches of its sub-networks. Proper enforcement of the global security policies of the network demands well-defined policy specification as a whole as well as correct implementation of the policies in various interfaces. But, ensuring correctness of the implementation manually is hard due to the complex security policies and presence of hidden access paths in the network. This paper presents a formal verification framework to verify the security implementations in a LAN with respect to a defined security policy. The proposed framework stems from formal models of network security policy specifications, device-specific security implementations, and deploys verification supported by SAT based procedures. The novelty of the work lies in the analysis of the hidden access paths, which plays a significant role in correct security implementations.
Keywords :
authorisation; business process re-engineering; computability; local area networks; SAT based procedures; access control rules; enterprise LAN; local area network; security implementations; security policies; verification framework; Access control; Computer science; Computer security; Formal verification; Information analysis; Information security; Information technology; Integrated circuit modeling; Local area networks; Switches;
Conference_Titel :
Advance Computing Conference, 2009. IACC 2009. IEEE International
Conference_Location :
Patiala
Print_ISBN :
978-1-4244-2927-1
Electronic_ISBN :
978-1-4244-2928-8
DOI :
10.1109/IADCC.2009.4809153
