
Authors: Dinesha Ranathunga 1 ; Matthew Roughan 1 ; Phil Kernick 2 and Nick Falkner 3

Affiliations: 1 School of Mathematical Sciences and University of Adelaide, Australia ; 2 CQR Consulting, Australia ; 3 University of Adelaide, Australia

ISBN: 978-989-758-196-0

Keyword(s): Network-security, Zone-Conduit Model, Security Policy, Policy Graph.

Related Ontology Subjects/Areas/Topics: Critical Infrastructure Protection ; Formal Methods for Security ; Information and Systems Security ; Network Security ; Wireless Network Security

Abstract: A common requirement in policy specification languages is the ability to map policies to the underlying network devices. Doing so, in a provably correct way, is important in a security policy context, so administrators can be confident of the level of protection provided by the policies for their networks. Existing policy languages allow policy composition but lack formal semantics to allocate policy to network devices. Our research tackles this from first principles: we ask how network policies can be described at a high level, independent of vendor and network minutiae. We identify the algebraic requirements of the policy-mapping process and propose semantic foundations to formally verify if a policy is implemented by the correct set of policy-arbiters. We show the value of our proposed algebras in maintaining concise network-device configurations by applying them to real-world networks.

CC BY-NC-ND 4.0


Paper citation in several formats:
Ranathunga, D.; Roughan, M.; Kernick, P. and Falkner, N. (2016). The Mathematical Foundations for Mapping Policies to Network Devices. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 197-206. DOI: 10.5220/0005946201970206

@conference{secrypt16,
author={Dinesha Ranathunga and Matthew Roughan and Phil Kernick and Nick Falkner},
title={The Mathematical Foundations for Mapping Policies to Network Devices},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={197-206},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005946201970206},
isbn={978-989-758-196-0},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - The Mathematical Foundations for Mapping Policies to Network Devices
SN - 978-989-758-196-0
AU - Ranathunga, D.
AU - Roughan, M.
AU - Kernick, P.
AU - Falkner, N.
PY - 2016
SP - 197
EP - 206
DO - 10.5220/0005946201970206
