A generic data flow security model

Network security policy enforcement consists in configuring heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc) that are available in a given network environment. The complexity of this task resides in the number, the nature, and the interdependence...

Full description

Saved in:
Bibliographic Details
Main Authors: Hicham, E.-K, Romain, L., Francois, B., Abdelmalek, B., Maroun, C.
Format: Conference Proceeding
Language:English
Subjects:
Cryptography
data flow modeling
Data models
Fires
IP networks
Logic gates
network security
Protocols
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Network security policy enforcement consists in configuring heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc) that are available in a given network environment. The complexity of this task resides in the number, the nature, and the interdependence of the mechanisms. We propose in this paper a formal data flow model focused on detecting multi-layer inconsistencies between security mechanisms. This model is independent from specific security mechanisms to admit the security technology diversity and evolution.
DOI:10.1109/SafeConfig.2011.6111671