A generic data flow security model

A generic data flow security model

Network security policy enforcement consists in configuring heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc) that are available in a given network environment. The complexity of this task resides in the number, the nature, and the interdependence...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hicham, E.-K, Romain, L., Francois, B., Abdelmalek, B., Maroun, C.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Cryptography
data flow modeling
Data models
Fires
IP networks
Logic gates
network security
Protocols
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Network security policy enforcement consists in configuring heterogeneous security mechanisms (IPsec gateways, ACLs on routers, stateful firewalls, proxies, etc) that are available in a given network environment. The complexity of this task resides in the number, the nature, and the interdependence of the mechanisms. We propose in this paper a formal data flow model focused on detecting multi-layer inconsistencies between security mechanisms. This model is independent from specific security mechanisms to admit the security technology diversity and evolution.
DOI:10.1109/SafeConfig.2011.6111671