Verifiable Policy-Defined Networking Using Metagraphs

“…Reachability between the source and target sets in a metagraph is defined by the existence of (valid) metapaths between the two. Additionally, metapaths have a dominance property which can be used to determine redundant components (edges or elements) [15]. Once identified, those components can be safely removed from the policies.…”

“…We use its formal foundations to verify whether the actual deployment of a policy (i.e., its implementation) matches its initial specification. We rely on this structure since, by design, it provides means to locate conflicts and avoid redundancy [15]. Metagraphs provide more fine-grained verification process than with other structures like usual graphs.…”

“…Policy analysis mainly deals with policy evaluation and anomaly analysis: checking for errors like incorrect policy specifications, conflicts and sub-optimizations affecting either a single policy or a set of policies [3] being the primary research topic. Works in this area use different techniques to achieve this goal, such as model checking [17], [18], binary decision diagrams [19], graph theory [20], Deterministic Finite State Automata (DFSA) [21], First Order Logic (FOL) [22], geometrical models [23], answer set programming [24], petri nets [25] and metagraphs [15]. Policy evaluation instead deals with checking whether a request is satisfied by a set of policies.…”

“…Verification is achieved by translating the properties into a boolean satisfiability problem and using a SAT solver, whereas we use metagraphs which come with a useful visual representation of the policies. On the other hand, even though metagraphs have emerged as one of the most suited tool for representing and reasoning about policies, they are still underused with only few existing works in the literature [15], [16], [28]- [30]. Basu and Blanning [16] compiled all the research on metagraphs up until 2007 in a book, which is the reference for general metagraph theory and applications.…”

“…They do not verify policy implementations against their specifications. Closer to our contribution, Ranathunga et al [15] use metagraphs to model network policies for distributed firewalls. In particular, they use specific metagraph properties to detect redundancies and conflicts in those policies.…”

Verification of Cloud Security Policies

“…Reachability between the source and target sets in a metagraph is defined by the existence of (valid) metapaths between the two. Additionally, metapaths have a dominance property which can be used to determine redundant components (edges or elements) [15]. Once identified, those components can be safely removed from the policies.…”

“…We use its formal foundations to verify whether the actual deployment of a policy (i.e., its implementation) matches its initial specification. We rely on this structure since, by design, it provides means to locate conflicts and avoid redundancy [15]. Metagraphs provide more fine-grained verification process than with other structures like usual graphs.…”

“…Policy analysis mainly deals with policy evaluation and anomaly analysis: checking for errors like incorrect policy specifications, conflicts and sub-optimizations affecting either a single policy or a set of policies [3] being the primary research topic. Works in this area use different techniques to achieve this goal, such as model checking [17], [18], binary decision diagrams [19], graph theory [20], Deterministic Finite State Automata (DFSA) [21], First Order Logic (FOL) [22], geometrical models [23], answer set programming [24], petri nets [25] and metagraphs [15]. Policy evaluation instead deals with checking whether a request is satisfied by a set of policies.…”

“…Verification is achieved by translating the properties into a boolean satisfiability problem and using a SAT solver, whereas we use metagraphs which come with a useful visual representation of the policies. On the other hand, even though metagraphs have emerged as one of the most suited tool for representing and reasoning about policies, they are still underused with only few existing works in the literature [15], [16], [28]- [30]. Basu and Blanning [16] compiled all the research on metagraphs up until 2007 in a book, which is the reference for general metagraph theory and applications.…”

“…They do not verify policy implementations against their specifications. Closer to our contribution, Ranathunga et al [15] use metagraphs to model network policies for distributed firewalls. In particular, they use specific metagraph properties to detect redundancies and conflicts in those policies.…”

Verification of Cloud Security Policies

Interpretable prison term prediction with reinforce learning and attention

Malicious URL Detection using Logistic Regression