Network Security Policy Verification

We present a unified theory for verifying network security policies. A security policy is represented as directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. (i) Secure auto-completion of scenario-specific knowledge, which eases usability. (ii) Security violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy. (iii) An algorithm to compute a security policy. (iv) A formalization of stateful connection semantics in network security mechanisms. (v) An algorithm to compute a secure stateful implementation of a policy. (vi) An executable implementation of all the theory. (vii) Examples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall. For a detailed description, see [2, 1]. Acknowledgements. This entry contains contributions by Lars Hupel and would not have made it into the AFP without him. I want to thank the Isabelle group Munich for always providing valuable help. I would like to express my deep gratitude to my supervisor, Georg Carle, for supporting this topic and facilitating further research possibilities in this field.