Aggregating and deploying network access control policies

Joaquín G. Alfaro; Frédéric Cuppens; Nora Cuppens-Boulahia

doi:10.1109/ARES.2007.34

Aggregating and deploying network access control policies

Joaquín G. Alfaro
, Frédéric Cuppens
, Nora Cuppens-Boulahia

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies.

Original language	English
Title of host publication	Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007
Publisher	IEEE Computer Society
Pages	532-539
Number of pages	8
ISBN (Print)	0769527752, 9780769527758
DOIs	https://doi.org/10.1109/ARES.2007.34
Publication status	Published - 1 Jan 2007
Externally published	Yes
Event	2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Austria Duration: 10 Apr 2007 → 13 Apr 2007

Publication series

Name	Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

Conference

Conference	2nd International Conference on Availability, Reliability and Security, ARES 2007
Country/Territory	Austria
City	Vienna
Period	10/04/07 → 13/04/07

Access to Document

10.1109/ARES.2007.34

Cite this

Alfaro, J. G., Cuppens, F., & Cuppens-Boulahia, N. (2007). Aggregating and deploying network access control policies. In Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007 (pp. 532-539). (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007). IEEE Computer Society. https://doi.org/10.1109/ARES.2007.34

Alfaro, Joaquín G. ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora. / Aggregating and deploying network access control policies. Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. IEEE Computer Society, 2007. pp. 532-539 (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007).

@inproceedings{3b38846bba5c42ce82481a40e8dc6e75,

title = "Aggregating and deploying network access control policies",

abstract = "The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies.",

author = "Alfaro, \{Joaqu{\'i}n G.\} and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens-Boulahia",

year = "2007",

month = jan,

day = "1",

doi = "10.1109/ARES.2007.34",

language = "English",

isbn = "0769527752",

series = "Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007",

publisher = "IEEE Computer Society",

pages = "532--539",

booktitle = "Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007",

note = "2nd International Conference on Availability, Reliability and Security, ARES 2007 ; Conference date: 10-04-2007 Through 13-04-2007",

}

Alfaro, JG, Cuppens, F & Cuppens-Boulahia, N 2007, Aggregating and deploying network access control policies. in Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007, IEEE Computer Society, pp. 532-539, 2nd International Conference on Availability, Reliability and Security, ARES 2007, Vienna, Austria, 10/04/07. https://doi.org/10.1109/ARES.2007.34

Aggregating and deploying network access control policies. / Alfaro, Joaquín G.; Cuppens, Frédéric; Cuppens-Boulahia, Nora.
Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. IEEE Computer Society, 2007. p. 532-539 (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Aggregating and deploying network access control policies

AU - Alfaro, Joaquín G.

AU - Cuppens, Frédéric

AU - Cuppens-Boulahia, Nora

PY - 2007/1/1

Y1 - 2007/1/1

N2 - The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies.

AB - The existence of errors or inconsistencies in the configuration of security components, such as filtering routers and/or firewalls, may lead to weak access control policies -potentially easy to be evaded by unauthorized parties. We present in this paper a proposal to create, manage, and deploy consistent policies in those components in an efficient way. To do so, we combine two main approaches. The first approach is the use of an aggregation mechanism that yields consistent configurations or signals inconsistencies. Through this mechanism we can fold existing policies of a given system and create a consistent and global set of access control rules - easy to maintain and manage by using a single syntax. The second approach is the use of a refinement mechanism that guarantees the proper deployment of such a global set of rules into the system, yet free of inconsistencies.

U2 - 10.1109/ARES.2007.34

DO - 10.1109/ARES.2007.34

M3 - Conference contribution

AN - SCOPUS:34548173265

SN - 0769527752

SN - 9780769527758

T3 - Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007

SP - 532

EP - 539

BT - Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007

PB - IEEE Computer Society

T2 - 2nd International Conference on Availability, Reliability and Security, ARES 2007

Y2 - 10 April 2007 through 13 April 2007

ER -

Alfaro JG, Cuppens F, Cuppens-Boulahia N. Aggregating and deploying network access control policies. In Proceedings - The Second International Conference on Availability, Reliability and Security, ARES 2007. IEEE Computer Society. 2007. p. 532-539. (Proceedings - Second International Conference on Availability, Reliability and Security, ARES 2007). doi: 10.1109/ARES.2007.34

Aggregating and deploying network access control policies

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this