Modeling and Verification of IPSec and VPN Security Policies

Hamed, H.; Al-Shaer, Ehab; Marrero, Will

doi:10.1109/icnp.2005.25

Cited by 90 publications

(57 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…General policy conflict analysis is not a novel problem, but its application in the context of SOA governance policies in this paper is original. Several approaches have been proposed for policy expression and conflict analysis in the context of network management [22], and security [23], but they are based on Binary Decision Diagrams (BDD), forcing the reasoning with less expressive policies than our CSP based proposal.…”

Section: Related Workmentioning

confidence: 99%

WS-Governance: A Policy Language for SOA Governance

Parejo

Fernández

Ruiz–Cortés

2011

Service-Oriented Computing

View full text Add to dashboard Cite

Abstract. The widespread use of Service Oriented Architectures (SOA) is beginning to create problems derived from the governance of said structures. To date there is not a single effective solution to solve all existing challenges to govern this type of infrastructure. This paper describes the problems encountered when designing a SOA governance solution in a real e-Government scenario. More specifically, we focus on problems related to specification and automated analysis of government policies. We propose a novel SOA governance specification model as a solution to these problems. We have named this model WS-Governance. In order to ease its adoption by SOA practitioners it: i) shares WS-Policy guidelines and is compatible with it, ii) has XML serialization as well as a plain-text one and iii) has a CSP based semantics that provides a precise description as well as facilitating the automation of some editing and WS-Governance related activities such as consistency checking.

show abstract

Section: Related Workmentioning

confidence: 99%

WS-Governance: A Policy Language for SOA Governance

Parejo

Fernández

Ruiz–Cortés

2011

Service-Oriented Computing

View full text Add to dashboard Cite

show abstract

“…In [1], the authors analyze firewall rules using an expert system whereas the authors of [8] analyze firewalls with relational algebra. In [3], the authors put forward a model for IPsec and VPN verification. However, these security components (homogenous or heterogeneous) may conflict when they are installed together on a network.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Security Components Anomalies Severity Evaluation and Classification

Karoui¹,

Ftima²,

Ghézala³

2013

IJNSA

View full text Add to dashboard Cite

show abstract

“…Firewall policy anomalies were presented in [8], [9] where a classification of rules conflicts is presented. The analysis was further extended to include multiple firewalls and IPSec policies [10], [11]. In [12], BDDs were also used to model distributed firewalls and discover policy anomalies, with improved complexity.…”

Section: Related Workmentioning

confidence: 99%

End-to-end verification of QoS policies

El-Atawy

Samak

2012

2012 IEEE Network Operations and Management Symposium

View full text Add to dashboard Cite

Abstract-Configuring a large number of routers and network devices to achieve quality of service (QoS) goals is a challenging task. In a differentiated services (DiffServ) environment, traffic flows are assigned specific classes of service, and service level agreements (SLA) are enforced at routers within each domain. We present a model for QoS configurations that facilitates efficient property-based verification. Network configuration is given as a set of policies governing each device. The model efficiently checks the required properties against the current configuration using computation tree logic (CTL) model checking. By symbolically modeling possible decision paths for different flows from source to destination, properties can be checked at each hop, and assessments can be made on how closely configurations adhere to the specified agreement. The model also covers configuration debugging given a specific QoS violation. Efficiency and scalability of the model are analyzed for policy per-hop behavior (PHB) parameters over large network configurations.

show abstract

Modeling and Verification of IPSec and VPN Security Policies

Cited by 90 publications

References 11 publications

WS-Governance: A Policy Language for SOA Governance

WS-Governance: A Policy Language for SOA Governance

A Framework for Security Components Anomalies Severity Evaluation and Classification

End-to-end verification of QoS policies

Contact Info

Product

Resources

About