A verification framework for analyzing security implementations in an enterprise LAN

Bera, P. ; Dasgupta, Pallab ; Ghosh, S. K. (2009) A verification framework for analyzing security implementations in an enterprise LAN In: 2009 IEEE International Advance Computing Conference, 6-7 March 2009, Thapar University, Patiala, India.

Full text not available from this repository.

Official URL: http://ieeexplore.ieee.org/document/4809153/

Related URL: http://dx.doi.org/10.1109/IADCC.2009.4809153


In a typical local area network (LAN), the global security policies, often defined in abstract form, are implemented through a set of access control rules (ACL) placed in a distributed fashion to the access switches of its sub-networks. Proper Enforcement of the global security policies of the network demands well-defined policy specification as a whole as well as correct implementation of the policies in various interfaces. But, ensuring correctness of the implementation manually is hard due to the complex security policies and presence of hidden access paths in the network. This paper presents a formal verification framework to verify the security implementations in a LAN with respect to a defined security policy. The proposed framework stems from formal models of network security policy specifications, device-specific security implementations, and deploys verification supported by SAT based procedures. The novelty of the work lies in the analysis of the hidden access paths, which plays a significant role in correct security implementations.

Item Type:Conference or Workshop Item (Paper)
Source:Copyright of this article belongs to Institute of Electrical and Electronics Engineers.
Keywords:Local Area Networks; Authorisation; Business Process Re-engineering; Computability
ID Code:101663
Deposited On:12 Dec 2016 10:04
Last Modified:12 Dec 2016 10:06

Repository Staff Only: item control page