Mining a high level access control policy in a network with multiple firewalls
Author: | Frédéric Cuppens, Safaía Hachana, Nora Cuppens-Boulahia |
---|---|
Year of publication: | 2015 |
Subject: |
Computer Networks and Communications; Network security; Computer science; Access control; Computer security; Firewall (construction); Software deployment; Network Access Control; Information system; Network security policy; Application firewall; Safety, Risk, Reliability and Quality; Software |
Source: | Journal of Information Security and Applications. 20:61-73 |
ISSN: | 2214-2126 |
Description: | A policy mining approach that aims to automatically extract a high level of abstraction policy from the rules configured on a firewall has been recently proposed (Hachana et al., 2013). This technique is likely to considerably facilitate firewall management. However, protecting the information system of a business organization usually requires the enforcement of more than one firewall. In this paper, we augment the policy mining approach by an additional processing for a network access control policy mining. We develop the problem of integration of Net-RBAC (Hachana, 2014) policies resulting from policy mining over several firewalls in order to mine a high level network policy. Moreover, we show how to verify security properties related to the deployment consistency over the firewalls. We illustrate the network policy mining approach by a realistic example, and we experimentally evaluate the performance of our merger algorithms. |
Database: | OpenAIRE |
External link: |