Improved Reachability Analysis for Security Management

Abstract: Network reachability analysis evaluates the actual connectivity of an IT infrastructure. It can be performed by active network probing or examining a formal model of a target IT infrastructure. The latter approach is preferable as it does not interfere with the normal network behaviour and can be easily used during development and change management phases. In this paper we propose a novel modelling approach based on a geometric representation of device configurations (i.e. the policies) which allows the comput… Show more

“…A f i (i 1 ) ⇔ ∃e : e ∈ G 1 ∧ F e (i 1 ) = true (13) In practice, the output of the function F e (i 1 ) can be populated either by means of a network reachability analysis [13] or by using some firewall policy queries [14].…”

Classification and Analysis of Communication Protection Policy Anomalies

“…A f i (i 1 ) ⇔ ∃e : e ∈ G 1 ∧ F e (i 1 ) = true (13) In practice, the output of the function F e (i 1 ) can be populated either by means of a network reachability analysis [13] or by using some firewall policy queries [14].…”

Classification and Analysis of Communication Protection Policy Anomalies

“…Having presented the use of equivalent firewalls, we introduce now the process for constructing them, that is, the underlying network and policy models. Networks are modelled as non-simple graphs 6 and standard algorithms are used to find paths from source to destinations 7 . Each network node may be associated to one or more capabilities, used to indicate the type of security control it implements.…”

“…the number of times that a given rule is applied in a given time period. Finally, we allow specification of conditions on URL domains (UD ), URL paths (UP ), URLs (U ), and browser (B ) that use regular expressions and are supported in the geometric model [6].…”

“…Moreover, the equivalent firewall policy can also be globally inspected to gain a holistic view of allowed and denied communications. A preliminary version of this work was presented in a conference paper [6]. The main improvements over this initial version are the support for tunnelling devices and end-system firewalls, the definition of more precise queries thanks to a richer set of condition types (covering also application layer filters), and more complex Boolean expressions.…”

Assessing network authorization policies via reachability analysis

“…Table 1 presents the keywords and the search string. [11]; [12]; [13]; [14]; [15,16]; [17]; [18]; [19]; [20]; [21]; [22]; [23]; [24]; [25]; [26]; [27]; [28]; [29]; [30]; [31]; [32]; [33]; [34]; [35]; [36]; [37]; [38]; [39]; [40]; [41]; [42]; [43]; [44]; [45]; [44]; [8]; [46]; [47]. Generic and abstract proposals (Top-Level Ontologies) can be found in [48], [3], [49], [50], and [51].…”

A Survey of Security Assessment Ontologies