Classification and Analysis of Communication Protection Policy Anomalies

Autor: Cataldo Basile, Antonio Lioy, Daniele Canavese, Fulvio Valenza
Rok vydání: 2017
Předmět:
Zdroj: IEEE/ACM Transactions on Networking
IEEE/ACM transactions on networking
(2017). doi:10.1109/TNET.2017.2708096
info:cnr-pdr/source/autori:Valenza F.; Basile C.; Canavese D.; Lioy A./titolo:Classification and Analysis of Communication Protection Policy Anomalies/doi:10.1109%2FTNET.2017.2708096/rivista:IEEE%2FACM transactions on networking (Print)/anno:2017/pagina_da:/pagina_a:/intervallo_pagine:/volume
ISSN: 1558-2566
1063-6692
Popis: This paper presents a classification of the anomalies that can appear when designing or implementing communication protection policies. Together with the already known intra- and inter-policy anomaly types, we introduce a novel category, the inter-technology anomalies, related to security controls implementing different technologies, both within the same network node and among different network nodes. Through an empirical assessment, we prove the practical significance of detecting this new anomaly class. Furthermore, this paper introduces a formal model, based on first-order logic rules that analyses the network topology and the security controls at each node to identify the detected anomalies and suggest the strategies to resolve them. This formal model has manageable computational complexity and its implementation has shown excellent performance and good scalability.
Published on IEEE/ACM Transactions on Networking
Databáze: OpenAIRE
Externí odkaz: