2008 Third International Conference on Availability, Reliability and Security
A Model for Specification and Validation of Security Policies in Communication Networks: The Firewall Case
March 04-March 07
ISBN: 978-0-7695-3102-1
A security policy constitutes one of the major actors in the protection of communication networks. For this, and in order to manage the access grants in accordance with the security constraints, a security policy has to be validated before its deployment. Unfortunately, in the literature, there is no well established validation mechanisms ensuring the wellfounded of such security policies. This paper proposes a validation framework for security policies where: (1) executable specifications are used to build an ‘Executable Security Policy’, (2) a validation model is proposed to support the validation activity, and (3) a validation of the executable security policy is performed. The main contributions provided by this paper concerns the adaptation of some concepts and mechanisms traditionally used in software engineering for validation aims, such as specification, executable specification or reachability graph. All the definitions made in this paper have been proposed in accordance with the firewall case.
Citation:
Ryma Abbassi, Sihem Guemara El Fatmi, "A Model for Specification and Validation of Security Policies in Communication Networks: The Firewall Case," ares, pp.467-472, 2008 Third International Conference on Availability, Reliability and Security, 2008
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb