Verifying Security Policies Using Host Attributes

Diekmann, Cornelius; Posselt, Stephan-A.; Niedermayer, Heiko; Kinkelin, Holger; Hanka, Oliver; Carle, Georg

doi:10.1007/978-3-662-43613-4_9

Cited by 9 publications

(26 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For details on the architecture and working principles of topoS we refer to the original publication [7].…”

Section: Designing the Network With Toposmentioning

confidence: 99%

“…First, Alice collects the entities in her setup: INET , WebApp, WebFrnt, DB , and Log. Now, topoS provides a modular, attribute-based language [7] to specify the security requirements. topoS comes with a pre-defined library of security invariant templates as listed in Table I A template formalizes generic, scenario-independent aspects of a security goal and must be formally defined in topoS using Isabelle/HOL.…”

Section: A Formalizing High-level Security Goalsmentioning

confidence: 99%

“…topoS does not require Alice to assign attributes to all entities. Alice must only provide all securityrelevant information and topoS auto-completes the missing values with provably secure default values [7]. For this scenario, Alice instantiates four invariant templates to define her security goals.…”

Section: A Formalizing High-level Security Goalsmentioning

confidence: 99%

“…A recent study confirms that this problem persists as a "majority of administrators stated misconfiguration as the most common cause of failure" [6]. In addition, not only is implementing a policy error-prone, but also designing it is challenging, even for experienced administrators [7].…”

Section: Introductionmentioning

confidence: 99%

“…Their core functionality can also be reused as a library in further projects. In this article, we will not present the formal background [7], [12], [14], [15], [17], instead, we demonstrate applicability from an operator's point of view; not requiring a single formula.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Agile Network Access Control in the Container Age

Diekmann

Naab

Korsten

et al. 2019

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

Linux Containers, such as those managed by Docker, are an increasingly popular way to package and deploy complex applications. However, the fundamental security primitive of network access control for a distributed microservice deployment is often ignored or left to the network operations team. High-level application-specific security requirements are not appropriately enforced by low-level network access control lists. Apart from coarse-grained separation of virtual networks, Docker neither supports the application developer to specify nor the network operators to enforce fine-grained network access control between containers.In a fictional story, we follow DevOp engineer Alice through the lifecycle of a web application. From the initial design and software engineering through network operations and automation, we show the task expected of Alice and propose tool-support to help. As a full-stack DevOp, Alice is involved in high-level design decisions as well as low-level network troubleshooting. Focusing on network access control, we demonstrate shortcomings in today's policy management and sketch a tool-supported solution. We survey related academic work and show that many existing tools fail to bridge between the different levels of abstractions a full-stack engineer is operating on.Our toolset is formally verified using Isabell/HOL and is available as Open Source.

show abstract

“…For details on the architecture and working principles of topoS we refer to the original publication [7].…”

Section: Designing the Network With Toposmentioning

confidence: 99%

Section: A Formalizing High-level Security Goalsmentioning

confidence: 99%

Section: A Formalizing High-level Security Goalsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Agile Network Access Control in the Container Age

Diekmann

Naab

Korsten

et al. 2019

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

show abstract

Semantics-Preserving Simplification of Real-World Firewall Rule Sets

Diekmann

Hupel

Carle

2015

FM 2015: Formal Methods

Self Cite

View full text Add to dashboard Cite

The security provided by a firewall for a computer network almost completely depends on the rules it enforces. For over a decade, it has been a well-known and unsolved problem that the quality of many firewall rule sets is insufficient. Therefore, there are many tools to analyze them. However, we found that none of the available tools could handle typical, real-world iptables rulesets. This is due to the complex chain model used by iptables, but also to the vast amount of possible match conditions that occur in real-world firewalls, many of which are not understood by academic and open source tools. In this paper, we provide algorithms to transform firewall rulesets. We reduce the execution model to a simple list model and use ternary logic to abstract over all unknown match conditions. These transformations enable existing tools to understand real-world firewall rules, which we demonstrate on four decently-sized rulesets. Using the Isabelle theorem prover, we formally show that all our algorithms preserve the firewall's filtering behavior.

show abstract