A formal approach for network security policy validation. Valenza, F., Su, T., Spinoso, S., Lioy, A., Sisto, R., & Vallini, M. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 8(1):79–100, 2017.
![A formal approach for network security policy validation [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Paper doi abstract bibtex 3 downloads
Paper doi abstract bibtex 3 downloads Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g. firewall, DPI, parental control). Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed. This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detection of the possible causes in case of misconfiguration or software attacks. Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation. A prototype implementation of this approach is proposed to validate different scenarios. © 2017, Innovative Information Science and Technology Research Group
@Article{2017JOUWA,
author = {Fulvio Valenza and Tao Su and Serena Spinoso and Antonio Lioy and Riccardo Sisto and Marco Vallini},
doi = {10.22667/JOWUA.2017.03.31.079},
journal = {J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.},
number = {1},
pages = {79--100},
title = {A formal approach for network security policy validation},
volume = {8},
year = {2017},
doi={10.22667/JOWUA.2017.03.31.079},
abstract={Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g. firewall, DPI, parental control). Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed. This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detection of the possible causes in case of misconfiguration or software attacks. Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation. A prototype implementation of this approach is proposed to validate different scenarios. © 2017, Innovative Information Science and Technology Research Group},
keywords={Policy Analysis, Policy Verification, Remote Attestation},
url = {https://iris.polito.it/retrieve/handle/11583/2659302/284666/2017JOWUA.pdf},
}Downloads: 3
{"_id":"BK8zu2C7K9WdsbgFw","bibbaseid":"valenza-su-spinoso-lioy-sisto-vallini-aformalapproachfornetworksecuritypolicyvalidation-2017","authorIDs":["anJrBcCdr4LzzWetx","kZX45LN2E7H4AXGsg","x5vNTEJ4s3raTsibp"],"author_short":["Valenza, F.","Su, T.","Spinoso, S.","Lioy, A.","Sisto, R.","Vallini, M."],"bibdata":{"bibtype":"article","type":"article","author":[{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]},{"firstnames":["Tao"],"propositions":[],"lastnames":["Su"],"suffixes":[]},{"firstnames":["Serena"],"propositions":[],"lastnames":["Spinoso"],"suffixes":[]},{"firstnames":["Antonio"],"propositions":[],"lastnames":["Lioy"],"suffixes":[]},{"firstnames":["Riccardo"],"propositions":[],"lastnames":["Sisto"],"suffixes":[]},{"firstnames":["Marco"],"propositions":[],"lastnames":["Vallini"],"suffixes":[]}],"doi":"10.22667/JOWUA.2017.03.31.079","journal":"J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.","number":"1","pages":"79–100","title":"A formal approach for network security policy validation","volume":"8","year":"2017","abstract":"Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g. firewall, DPI, parental control). Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed. This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detection of the possible causes in case of misconfiguration or software attacks. Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation. A prototype implementation of this approach is proposed to validate different scenarios. © 2017, Innovative Information Science and Technology Research Group","keywords":"Policy Analysis, Policy Verification, Remote Attestation","url":"https://iris.polito.it/retrieve/handle/11583/2659302/284666/2017JOWUA.pdf","bibtex":"@Article{2017JOUWA,\r\n author = {Fulvio Valenza and Tao Su and Serena Spinoso and Antonio Lioy and Riccardo Sisto and Marco Vallini},\r\n doi = {10.22667/JOWUA.2017.03.31.079},\r\n journal = {J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.},\r\n number = {1},\r\n pages = {79--100},\r\n title = {A formal approach for network security policy validation},\r\n volume = {8},\r\n year = {2017},\r\n doi={10.22667/JOWUA.2017.03.31.079},\r\n abstract={Network security is a crucial aspect for administrators due to increasing network size and number of functions and controls (e.g. firewall, DPI, parental control). Errors in configuring security controls may result in serious security breaches and vulnerabilities (e.g. blocking legitimate traffic or permitting unwanted traffic) that must be absolutely detected and addressed. This work proposes a novel approach for validating network policy enforcement, by checking the network status and configuration, and detection of the possible causes in case of misconfiguration or software attacks. Our contribution exploits formal methods to model and validate the packet processing and forwarding behaviour of security controls, and to validate the trustworthiness of the controls by using remote attestation. A prototype implementation of this approach is proposed to validate different scenarios. © 2017, Innovative Information Science and Technology Research Group},\r\n keywords={Policy Analysis, Policy Verification, Remote Attestation},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2659302/284666/2017JOWUA.pdf},\r\n}\r\n\r\n","author_short":["Valenza, F.","Su, T.","Spinoso, S.","Lioy, A.","Sisto, R.","Vallini, M."],"key":"2017JOUWA","id":"2017JOUWA","bibbaseid":"valenza-su-spinoso-lioy-sisto-vallini-aformalapproachfornetworksecuritypolicyvalidation-2017","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2659302/284666/2017JOWUA.pdf"},"keyword":["Policy Analysis","Policy Verification","Remote Attestation"],"metadata":{"authorlinks":{"valenza, f":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&commas=true","lioy, a":"https://bibbase.org/show?bib=https%3A%2F%2Fapi.zotero.org%2Fusers%2F5139827%2Fcollections%2FVXETGAGS%2Fitems%3Fkey%3DQGzpwPjh3o52dcqjnJwanlfq%26format%3Dbibtex%26limit%3D100&msg=embed","valenza, f":"https://bibbase.org/service/mendeley/47be63fe-fca0-3f0f-a864-642602926c3f"}},"downloads":3},"bibtype":"article","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","creationDate":"2021-01-16T10:07:49.758Z","downloads":3,"keywords":["policy analysis","policy verification","remote attestation"],"search_terms":["formal","approach","network","security","policy","validation","valenza","su","spinoso","lioy","sisto","vallini"],"title":"A formal approach for network security policy validation","year":2017,"dataSources":["JbiX35GNqPCF3nids","csYhy47rJJgSM7jjJ"]}