UNICA IRIS Institutional Research Information System

This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions to select on what to apply the actions, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective to model filtering controls and iptables.

A model of capabilities of network security functions

Basile C.;Canavese D.;Regano L.;Pedone I.;Lioy A.

2022-01-01

Abstract

This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions to select on what to apply the actions, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective to model filtering controls and iptables.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2022
			
	Codice ISBN
	
				978-1-6654-0694-9
			
	Parole chiave
	
				cybersecurity
software networks
security controls
network security functions
			
	Tipologia:
	
				4.1 Contributo in Atti di convegno

File in questo prodotto:

File	Dimensione	Formato
A_model_of_capabilities_of_Network_Security_Functions.pdf Solo gestori archivio Descrizione: VoR Tipologia: versione editoriale (VoR) Dimensione 185.96 kB Formato Adobe PDF Visualizza/Apri Richiedi una copia	185.96 kB	Adobe PDF	Visualizza/Apri Richiedi una copia
A_model_of_capabilities_of_Network_Iris.pdf accesso aperto Descrizione: AAM Tipologia: versione post-print (AAM) Dimensione 922.66 kB Formato Adobe PDF Visualizza/Apri	922.66 kB	Adobe PDF	Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11584/377449

Citazioni

ND

4

4

social impact