• DocumentCode
    462230
  • Title

    Aggregating and Deploying Network Access Control Policies

  • Author

    Alfaro, Joaquín G. ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora

  • Author_Institution
    Univ. Oberta de Catalunya, Barcelona
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    532
  • Lastpage
    542
  • Abstract
    The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies - potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies.
  • Keywords
    authorisation; computer networks; authorization; filtering routers; firewalls; network access control policies; security components; signal inconsistency; Access control; Error correction; Filtering; Information security; Information systems; Management information systems; Permission; Proposals; Recycling; XML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.34
  • Filename
    4159845