Abstract
Achieving a security goal in a networked system requires the cooperation of a variety of devices, each device potentially requiring a different configuration. Many information security problems may be solved with appropriate models of these devices and their interactions, giving a systematic way to handle the complexity of real situations.
We present an approach, rigorous automated network security management, that front-loads formal modeling and analysis before problem solving, thereby providing easy-to-run tools with rigorously justified results. With this approach, we model the network and a class of practically important security goals. The models derived suggest algorithms that, given system configuration information, determine the security goals satisfied by the system. The modeling provides rigorous justification for the algorithms, which may then be implemented as ordinary computer programs requiring no formal methods training to operate.
We have applied this approach to several problems. In this paper we describe two: distributed packet filtering and the use of IP security (IPsec) gateways. We also describe how to piece together the two separate solutions to these problems, jointly enforcing packet filtering as well as IPsec authentication and confidentiality on a single network.
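As an added illustration (not code from the paper or its authors), the packet-filtering check described above can be cast as a small program: a constructed network of areas joined by ACL-bearing routers, a list of "must not reach" goals, and a check that reports which goals the configuration fails. The modeling choices here (header triples as packet classes, flood forwarding instead of routing) are assumptions of this example, not the paper's formalism.

```python
from collections import deque
from itertools import product

# Constructed topology (not from the paper): three areas joined by two filtering routers.
# A packet class is a header triple (src_area, dst_area, service); each router interface
# carries an inbound ACL of (src, dst, service, action) rules, where "*" matches anything.
AREAS = ["internet", "dmz", "internal"]
ROUTERS = {
    "r1": {"internet": [("*", "dmz", "http", "permit"), ("*", "*", "smtp", "permit")],
           "dmz": [("*", "*", "*", "permit")]},
    "r2": {"dmz": [("dmz", "internal", "smtp", "permit")],
           "internal": [("*", "*", "*", "permit")]},
}

def acl_permits(rules, pkt):
    """First-match semantics with an implicit final deny, as on typical router ACLs."""
    for *pattern, action in rules:
        if all(p in ("*", v) for p, v in zip(pattern, pkt)):
            return action == "permit"
    return False

def reachable_areas(pkt, origin):
    """Areas a packet with header `pkt`, injected in `origin`, can be delivered into.
    Routing is ignored: a router forwards to every attached area once the inbound ACL
    admits the packet. This over-approximates real paths, which is the safe direction
    for 'must not reach' goals (no violation is missed, some may be spurious)."""
    seen, queue = {origin}, deque([origin])
    while queue:
        area = queue.popleft()
        for ifaces in ROUTERS.values():
            if area in ifaces and acl_permits(ifaces[area], pkt):
                for nxt in ifaces:
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append(nxt)
    return seen

def violated_goals(goals):
    """goals: (origin, forbidden_area, service), read as 'no `service` traffic injected
    in `origin` may reach `forbidden_area`'. Every header value is tried, so packets
    whose src field does not match where they were injected (spoofing) are covered.
    Returns [(goal, witness_header)] for each goal the configuration fails."""
    failures = []
    for origin, forbidden, svc in goals:
        for src, dst in product(AREAS, AREAS):
            pkt = (src, dst, svc)
            if forbidden in reachable_areas(pkt, origin):
                failures.append(((origin, forbidden, svc), pkt))
                break
    return failures
```

With this configuration, `violated_goals([("internet", "internal", "smtp")])` reports a failure: r1 admits any smtp header and r2 trusts the src field, so a header claiming a dmz source passes both filters, while the ssh goal holds because r1 never admits ssh.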
Guttman, J., Herzog, A. Rigorous automated network security management. IJIS 4, 29–48 (2005). https://doi.org/10.1007/s10207-004-0052-x
DOI: https://doi.org/10.1007/s10207-004-0052-x