Filtering Postures: Local Enforcement for Global Policies

Author

  • Joshua D. Guttman
Abstract

When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an algorithm that, given the network topology, will compute a set of filters for the individual routers; these filters are guaranteed to enforce the policy correctly. Since these filters may not provide optimal service, a human must sometimes alter them. A second algorithm compares a resulting set of filters to the global network access control policy to determine all policy violations, or to report that none exist. A prototype implementation demonstrates that the algorithms are efficient enough to give quick answers to questions of realistic scale.


Similar resources

Application-Oriented Security Policies and their Composition Virgil

We define the notion of the application-oriented security policy and suggest that it differs from that of a system-level, global security policy. We view a policy as a conjunction of security properties and argue that these properties are not always independent and, hence, cannot be analyzed (e.g., composed) individually. We also argue that some necessary policy properties fall outside of the Alp...


Firewall Conformance Testing

Test Cases for Mealy Automata. Idea: Ensure that every transition of a specification automaton Mspec is correctly implemented in the implementation automaton Mimp. For every transition from state si to state sj do: in general / for TCP: 1) Bring Mimp to the initial state s1; Use RST 2) Transfer Mimp to state si 3) Test the transition; Use a Test Tree 4) Verify that...


Scalable Security Policy Mechanisms

The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN system described in this paper demonstrates three new approaches to providing efficient local policy...


Managing Access Control in Large Scale Heterogeneous Networks

The design principle of maximizing local autonomy except when it conflicts with global robustness has led to a scalable Internet with enormous heterogeneity of both applications and infrastructure. These properties have not been achieved in the mechanisms for specifying and enforcing security policies. The STRONGMAN (for Scalable TRust Of Next Generation MANagement) system [14], [15] offers thr...


Lessons From Zika Policies to Improve Gender Equity

Gender equity is easily supported in theory but harder to pursue in practice. In this article, the case of Zika travel policies is used to illustrate some glaring gaps related to gender, for both men and women, at both international and national levels. Zika travel policies have not considered new evidence on biological or social determinants of health, putting babies at risk of exposure. The a...



Publication date: 1997