Inter-technology Conflict Analysis for Communication Protection Policies. Basile, C., Canavese, D., Lioy, A., & Valenza, F. In Proceedings of the 9th International Conference of Risks and Security of Internet and Systems (CRiSIS 2014), pages 148–163, 2014. Springer,.
![Inter-technology Conflict Analysis for Communication Protection Policies [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Paper doi abstract bibtex 30 downloads
Paper doi abstract bibtex 30 downloads Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network. © Springer International Publishing Switzerland 2015.
@InProceedings{2015Crisis,
author = {Cataldo Basile and Daniele Canavese and Antonio Lioy and Fulvio Valenza},
booktitle = {Proceedings of the 9th International Conference of Risks and Security of Internet and Systems (CRiSIS 2014)},
doi = {10.1007/978-3-319-17127-2\_10},
pages = {148--163},
publisher = {Springer,},
title = {Inter-technology Conflict Analysis for Communication Protection Policies},
year = {2014},
abstract = {Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network. © Springer International Publishing Switzerland 2015.},
keywords = {VPN, Policy Analysis},
url = {https://iris.polito.it/retrieve/handle/11583/2573139/426176/2015CRISIS_author.pdf},
}Downloads: 30
{"_id":"5jiWyymu2ZzqF4SC6","bibbaseid":"basile-canavese-lioy-valenza-intertechnologyconflictanalysisforcommunicationprotectionpolicies-2014","authorIDs":["XRFf3mmJNmSCrLeYm","anJrBcCdr4LzzWetx","kZX45LN2E7H4AXGsg","mWi7vbetNGoNvxDZk","x5vNTEJ4s3raTsibp"],"author_short":["Basile, C.","Canavese, D.","Lioy, A.","Valenza, F."],"bibdata":{"bibtype":"inproceedings","type":"inproceedings","author":[{"firstnames":["Cataldo"],"propositions":[],"lastnames":["Basile"],"suffixes":[]},{"firstnames":["Daniele"],"propositions":[],"lastnames":["Canavese"],"suffixes":[]},{"firstnames":["Antonio"],"propositions":[],"lastnames":["Lioy"],"suffixes":[]},{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]}],"booktitle":"Proceedings of the 9th International Conference of Risks and Security of Internet and Systems (CRiSIS 2014)","doi":"10.1007/978-3-319-17127-2_10","pages":"148–163","publisher":"Springer,","title":"Inter-technology Conflict Analysis for Communication Protection Policies","year":"2014","abstract":"Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network. © Springer International Publishing Switzerland 2015.","keywords":"VPN, Policy Analysis","url":"https://iris.polito.it/retrieve/handle/11583/2573139/426176/2015CRISIS_author.pdf","bibtex":"@InProceedings{2015Crisis,\r\n author = {Cataldo Basile and Daniele Canavese and Antonio Lioy and Fulvio Valenza},\r\n booktitle = {Proceedings of the 9th International Conference of Risks and Security of Internet and Systems (CRiSIS 2014)},\r\n doi = {10.1007/978-3-319-17127-2\\_10},\r\n pages = {148--163},\r\n publisher = {Springer,},\r\n title = {Inter-technology Conflict Analysis for Communication Protection Policies},\r\n year = {2014},\r\n abstract = {Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network. © Springer International Publishing Switzerland 2015.},\r\n keywords = {VPN, Policy Analysis},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2573139/426176/2015CRISIS_author.pdf},\r\n}\r\n\r\n","author_short":["Basile, C.","Canavese, D.","Lioy, A.","Valenza, F."],"key":"2015Crisis","id":"2015Crisis","bibbaseid":"basile-canavese-lioy-valenza-intertechnologyconflictanalysisforcommunicationprotectionpolicies-2014","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2573139/426176/2015CRISIS_author.pdf"},"keyword":["VPN","Policy Analysis"],"metadata":{"authorlinks":{"basile, c":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&msg=embed","valenza, f":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&commas=true","lioy, a":"https://bibbase.org/show?bib=https%3A%2F%2Fapi.zotero.org%2Fusers%2F5139827%2Fcollections%2FVXETGAGS%2Fitems%3Fkey%3DQGzpwPjh3o52dcqjnJwanlfq%26format%3Dbibtex%26limit%3D100&msg=embed","basile, c":"https://bibbase.org/service/mendeley/47be63fe-fca0-3f0f-a864-642602926c3f","valenza, f":"https://bibbase.org/service/mendeley/47be63fe-fca0-3f0f-a864-642602926c3f"}},"downloads":30},"bibtype":"inproceedings","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","creationDate":"2021-01-16T10:07:49.763Z","downloads":30,"keywords":["vpn","policy analysis"],"search_terms":["inter","technology","conflict","analysis","communication","protection","policies","basile","canavese","lioy","valenza"],"title":"Inter-technology Conflict Analysis for Communication Protection Policies","year":2014,"dataSources":["JbiX35GNqPCF3nids","csYhy47rJJgSM7jjJ"]}