2013
DOI: 10.1007/978-3-642-41533-3_4
|View full text |Cite
|
Sign up to set email alerts
|

Model-Driven Extraction and Analysis of Network Security Policies

Abstract: Abstract. Firewalls are a key element in network security. They are in charge of filtering the traffic of the network in compliance with a number of access-control rules that enforce a given security policy. In an always-evolving context, where security policies must often be updated to respond to new security requirements, knowing with precision the policy being enforced by a network system is a critical information. Otherwise, we risk to hamper the proper evolution of the system and compromise its security. … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
8
0

Year Published

2015
2015
2020
2020

Publication Types

Select...
2
2
1

Relationship

1
4

Authors

Journals

citations
Cited by 6 publications
(8 citation statements)
references
References 16 publications
0
8
0
Order By: Relevance
“…Martínez et al [20] propose a model-driven reverse engineering approach to obtain a Platform-Independent Model (PIM) of the global AC policy in a network. The approach uses the firewalls configuration files in the system to extract all AC rules.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…Martínez et al [20] propose a model-driven reverse engineering approach to obtain a Platform-Independent Model (PIM) of the global AC policy in a network. The approach uses the firewalls configuration files in the system to extract all AC rules.…”
Section: Related Workmentioning
confidence: 99%
“…MDE is an emerging and promising paradigm having the potential to overcome such issues (e.g., platforms heterogeneity, inconsistent security specification). All the more so that recently MDE has successfully been applied to adaptive and distributed systems, by the model@runtime approach [2] as well as in model-driven security [1,20]. MDE can help in designing correct communications and secure systems by abstracting network and security features.…”
Section: Introductionmentioning
confidence: 99%
“…As a preliminary step for our approach we require the policies of each component to be represented in the form of abstract models, from where the complexity arising from the specificities of a given vendor or implementation technology is eliminated and only the AC information is present. This requirement is met by several previous work that investigate the recovery of accesscontrol policies from diverse components [11,13,12]. The outputs of those works are to be the inputs of our approach.…”
Section: Approachmentioning
confidence: 99%
“…Concretely, for the CMS we will define attributes extending the core concepts of XACML following the types defined in [13] and then combining its use with the use of the RBAC profile. As for the firewalls, several mappings to use as a basis for the profile exists, including the use of roles [4] or not [12]. We decide to extend the latter to include domain concepts (as host, zone, protocol, etc), discarding the discovery/creation of implicit roles.…”
Section: Translation To Xacml and Profilesmentioning
confidence: 99%
See 1 more Smart Citation