On the isofunctionality of network access control lists

Malek Belhaouane; Joaquin Garcia-Alfaro; Hervé Debar

doi:10.1109/ARES.2015.78

On the isofunctionality of network access control lists

Malek Belhaouane
, Joaquin Garcia-Alfaro
, Hervé Debar

CNRS SAMOVAR UMR 5157

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In a networking context, Access Control Lists (ACLs) refer to security rules associated to network equipment, such as routers, switches and firewalls. Methods and tools to automate the management of ACLs distributed among several equipment shall verify if the corresponding ACLs are functionally equivalent. In this paper, we address such a verification process. We present a formal method to verify when two ACLs are iso functional and illustrate our proposal over a practical example.

Original language	English
Title of host publication	Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	168-173
Number of pages	6
ISBN (Electronic)	9781467365901
DOIs	https://doi.org/10.1109/ARES.2015.78
Publication status	Published - 16 Oct 2015
Externally published	Yes
Event	10th International Conference on Availability, Reliability and Security, ARES 2015 - Toulouse, France Duration: 24 Aug 2015 → 27 Aug 2015

Publication series

Name	Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

Conference

Conference	10th International Conference on Availability, Reliability and Security, ARES 2015
Country/Territory	France
City	Toulouse
Period	24/08/15 → 27/08/15

Keywords

Access Control
Authorization
Computer Security
Network Security
Policy Analysis
Policy Management

Access to Document

10.1109/ARES.2015.78

Cite this

Belhaouane, M., Garcia-Alfaro, J., & Debar, H. (2015). On the isofunctionality of network access control lists. In Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015 (pp. 168-173). (Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ARES.2015.78

Belhaouane, Malek ; Garcia-Alfaro, Joaquin ; Debar, Hervé. / On the isofunctionality of network access control lists. Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 168-173 (Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015).

@inproceedings{69bb2503d49248558e208a11cdee9070,

title = "On the isofunctionality of network access control lists",

abstract = "In a networking context, Access Control Lists (ACLs) refer to security rules associated to network equipment, such as routers, switches and firewalls. Methods and tools to automate the management of ACLs distributed among several equipment shall verify if the corresponding ACLs are functionally equivalent. In this paper, we address such a verification process. We present a formal method to verify when two ACLs are iso functional and illustrate our proposal over a practical example.",

keywords = "Access Control, Authorization, Computer Security, Network Security, Policy Analysis, Policy Management",

author = "Malek Belhaouane and Joaquin Garcia-Alfaro and Herv{\'e} Debar",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 10th International Conference on Availability, Reliability and Security, ARES 2015 ; Conference date: 24-08-2015 Through 27-08-2015",

year = "2015",

month = oct,

day = "16",

doi = "10.1109/ARES.2015.78",

language = "English",

series = "Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "168--173",

booktitle = "Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015",

}

Belhaouane, M, Garcia-Alfaro, J & Debar, H 2015, On the isofunctionality of network access control lists. in Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015, Institute of Electrical and Electronics Engineers Inc., pp. 168-173, 10th International Conference on Availability, Reliability and Security, ARES 2015, Toulouse, France, 24/08/15. https://doi.org/10.1109/ARES.2015.78

On the isofunctionality of network access control lists. / Belhaouane, Malek; Garcia-Alfaro, Joaquin; Debar, Hervé.
Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 168-173 (Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the isofunctionality of network access control lists

AU - Belhaouane, Malek

AU - Garcia-Alfaro, Joaquin

AU - Debar, Hervé

PY - 2015/10/16

Y1 - 2015/10/16

N2 - In a networking context, Access Control Lists (ACLs) refer to security rules associated to network equipment, such as routers, switches and firewalls. Methods and tools to automate the management of ACLs distributed among several equipment shall verify if the corresponding ACLs are functionally equivalent. In this paper, we address such a verification process. We present a formal method to verify when two ACLs are iso functional and illustrate our proposal over a practical example.

AB - In a networking context, Access Control Lists (ACLs) refer to security rules associated to network equipment, such as routers, switches and firewalls. Methods and tools to automate the management of ACLs distributed among several equipment shall verify if the corresponding ACLs are functionally equivalent. In this paper, we address such a verification process. We present a formal method to verify when two ACLs are iso functional and illustrate our proposal over a practical example.

KW - Access Control

KW - Authorization

KW - Computer Security

KW - Network Security

KW - Policy Analysis

KW - Policy Management

U2 - 10.1109/ARES.2015.78

DO - 10.1109/ARES.2015.78

M3 - Conference contribution

AN - SCOPUS:84961590441

T3 - Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

SP - 168

EP - 173

BT - Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 10th International Conference on Availability, Reliability and Security, ARES 2015

Y2 - 24 August 2015 through 27 August 2015

ER -

Belhaouane M, Garcia-Alfaro J, Debar H. On the isofunctionality of network access control lists. In Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 168-173. (Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015). doi: 10.1109/ARES.2015.78

On the isofunctionality of network access control lists

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this