Quantifying and Verifying Reachability for Access Controlled Networks

Liu, Alex X.; Khakpour, Amir R.

doi:10.1109/tnet.2012.2203144

Cited by 18 publications

(19 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unessential details about the traffic control devices such as firewalls, switches and routers, will be omitted in the following, as well as the techniques for computing the reachability of nodes, since the theory, data structures and algorithms presented in [40] fit in well with our framework and have been borrowed consequently. In particular, our model takes into account the same network elements at the basis of the methodology of [40], and we assume that the whole network reachability has already been computed by means of [40], and is available through simple queries.…”

Section: The Implementation Partmentioning

confidence: 99%

“…In particular, our model takes into account the same network elements at the basis of the methodology of [40], and we assume that the whole network reachability has already been computed by means of [40], and is available through simple queries. This implies that our view of the network is static, that is its connectivity properties are not affected by the actions of players.…”

Section: The Implementation Partmentioning

confidence: 99%

“…A single rule for a specific device may not include all the elements in the table, and wildcards are also allowed. We will not discuss filtering rules in more details in this paper, since we rely on [40] for the network reachability computation. Such a rule format is general, and contains the union of the fields needed in firewall rules, switch rules, and so on.…”

Section: System Descriptionmentioning

confidence: 99%

“…(15) returns a pair consisting of a datalink address dla and a network address na such that na is bound to dla for some physical port of ω ★ . According to the approach presented in [40], we also assume that the network reachability has already been computed and stored in a suitable database that can simply be queried. Thus the general query in Eq.…”

Section: Labeled Transition Systemmentioning

confidence: 99%

See 3 more Smart Citations

A twofold model for the analysis of access control policies in industrial networked systems

Bertolotti

Durante

Seno

et al. 2015

Computer Standards & Interfaces

View full text Add to dashboard Cite

Section: The Implementation Partmentioning

confidence: 99%

Section: The Implementation Partmentioning

confidence: 99%

Section: System Descriptionmentioning

confidence: 99%

Section: Labeled Transition Systemmentioning

confidence: 99%

See 2 more Smart Citations

A twofold model for the analysis of access control policies in industrial networked systems

Bertolotti

Durante

Seno

et al. 2015

Computer Standards & Interfaces

View full text Add to dashboard Cite

“…In the last years, various testing techniques have been proposed. Some of them (e.g., [27], [28], [29]) analyze the configuration of traditional networks and are hard to extend to SDN controller verification, e.g., because bound to specific network protocols. Others propose testing frameworks targeted to SDN (e.g., [30], [16]).…”

Section: Related Workmentioning

confidence: 99%

Towards test-driven software defined networking

LeBrun

Vissicchio

Bonaventure

2014

2014 IEEE Network Operations and Management Symposium (NOMS)

View full text Add to dashboard Cite

Abstract-To configure, troubleshoot and operate their networks, operators often have no alternatives than relying on error-prone manual procedures. The emerging Software Defined Networking paradigm opens new possibilities for more structured networking methodologies. We argue that provably-effective practices can be borrowed from more developed engineering fields, especially software engineering.In this paper, we propose an adaptation of test-driven software development methodologies to software defined networks (SDNs). To support our methodological guidelines, we propose an expressive requirement formalization language. Further, we describe a prototype tool able to check the compliance of an SDN controller with requirements expressed in the proposed language.Our evaluation of the prototype shows promising results on the practical viability of our approach.

show abstract

Privacy Preserving Quantification of Cross-Domain Network Reachability

Liu¹,

Li²

2020

Algorithms for Data and Computation Privacy

View full text Add to dashboard Cite

Network reachability is an important characteristic for understanding end-to-end network behavior and helps in detecting violations of security policies across the network. While quantifying network reachability within one administrative domain is a difficult problem in itself, performing the same computation across a network spanning multiple administrative domains presents a novel challenge. The problem of quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies of individual domains is a serious concern and needs to be protected through this process. In this paper, we propose the first cross-domain privacy-preserving protocol for quantifying network reachability. Our protocol constructs equivalent representations of the Access Control List (ACL) rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains. We have implemented and evaluated our protocol on both real and synthetic ACLs. The experimental results show that the online processing time of an ACL containing thousands of rules is less than 25 s. Given two ACLs, each containing thousands of rules, the comparison time is less than 6 s, and the total communication cost is less than 2100 kB.

show abstract

Quantifying and Verifying Reachability for Access Controlled Networks

Cited by 18 publications

References 17 publications

A twofold model for the analysis of access control policies in industrial networked systems

A twofold model for the analysis of access control policies in industrial networked systems

Towards test-driven software defined networking

Privacy Preserving Quantification of Cross-Domain Network Reachability

Contact Info

Product

Resources

About