Rigorous automated network security management

Regular contribution, International Journal of Information Security

Abstract

Achieving a security goal in a networked system requires the cooperation of a variety of devices, each device potentially requiring a different configuration. Many information security problems may be solved with appropriate models of these devices and their interactions, giving a systematic way to handle the complexity of real situations.

We present an approach, rigorous automated network security management, that front-loads formal modeling and analysis before problem solving, thereby providing easy-to-run tools with rigorously justified results. With this approach, we model the network and a class of practically important security goals. The models derived suggest algorithms that, given system configuration information, determine the security goals satisfied by the system. The modeling provides rigorous justification for the algorithms, which may then be implemented as ordinary computer programs requiring no formal methods training to operate.

We have applied this approach to several problems. In this paper we describe two: distributed packet filtering and the use of IP security (IPsec) gateways. We also describe how to piece together the two separate solutions to these problems, jointly enforcing packet filtering as well as IPsec authentication and confidentiality on a single network.
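As an added illustration of the distributed packet filtering problem named in the abstract (this is not code from the paper, and the toy topology, filter predicates and goal format are assumptions made here), the following script models a network as areas joined by routers with per-interface filters, then decides which "packets of this class starting in area A never reach area B" goals a given configuration satisfies. Routing is deliberately ignored, so every interface is treated as a possible exit; that makes the check conservative, and a goal shown to hold here holds regardless of routing tables. A weak configuration is evaluated beside the corrected one so the output shows a violation together with the trajectory that demonstrates it.

```python
from collections import deque

# Constructed toy topology (assumption): three network areas and two routers.
AREAS = ["internet", "dmz", "internal"]
SERVICES = {"http": ("tcp", 80), "ssh": ("tcp", 22), "dns": ("udp", 53)}


# Filters are predicates over an abstract packet {"src": area, "proto", "dport"}.
def permit_all(pkt):
    return True


def permit_http_only(pkt):
    return pkt["proto"] == "tcp" and pkt["dport"] == 80


def permit_dns_only(pkt):
    return pkt["proto"] == "udp" and pkt["dport"] == 53


# Router model: interface area -> (inbound filter, outbound filter).
# "inbound" is applied to packets entering the router from that area,
# "outbound" to packets leaving the router into that area.
STRICT_ROUTERS = {
    "border": {
        "internet": (permit_http_only, permit_all),
        "dmz": (permit_all, permit_all),
    },
    "inner": {
        "dmz": (permit_dns_only, permit_all),
        "internal": (permit_all, permit_all),
    },
}

# Weak variant: the inner router's dmz-facing inbound filter has been opened up,
# so anything that reaches the dmz can continue into the internal area.
WEAK_ROUTERS = {
    "border": STRICT_ROUTERS["border"],
    "inner": {
        "dmz": (permit_all, permit_all),
        "internal": (permit_all, permit_all),
    },
}


def reachable_areas(routers, pkt):
    """Breadth-first search over areas for one packet class.

    Returns a dict area -> trajectory (alternating areas and router names)
    for every area the packet can reach, starting from pkt["src"].
    """
    start = pkt["src"]
    trail = {start: [start]}
    queue = deque([start])
    while queue:
        area = queue.popleft()
        for name, ifaces in routers.items():
            if area not in ifaces:
                continue
            inbound, _ = ifaces[area]
            if not inbound(pkt):
                continue  # dropped on entry to this router
            for exit_area, (_, outbound) in ifaces.items():
                if exit_area == area or exit_area in trail:
                    continue
                if outbound(pkt):
                    trail[exit_area] = trail[area] + [name, exit_area]
                    queue.append(exit_area)
    return trail


# Goals: (label, source area, service name or None for any, forbidden area).
GOALS = [
    ("no ssh from internet reaches internal", "internet", "ssh", "internal"),
    ("no http from internet reaches internal", "internet", "http", "internal"),
    ("nothing from internet reaches internal", "internet", None, "internal"),
]


def check_goals(routers, goals):
    """Map each goal label to None if it holds, else (service, trajectory)."""
    results = {}
    for label, src, service, forbidden in goals:
        candidates = [service] if service else list(SERVICES)
        violation = None
        for svc in candidates:
            proto, dport = SERVICES[svc]
            trail = reachable_areas(routers, {"src": src, "proto": proto, "dport": dport})
            if forbidden in trail:
                violation = (svc, trail[forbidden])
                break
        results[label] = violation
    return results


if __name__ == "__main__":
    for name, cfg in (("strict", STRICT_ROUTERS), ("weak", WEAK_ROUTERS)):
        print(f"== {name} configuration ==")
        for label, outcome in check_goals(cfg, GOALS).items():
            print(f"{label}: {'holds' if outcome is None else 'VIOLATED via ' + ' -> '.join(outcome[1])}")
```

The trajectory returned for a violated goal is the evidence a network administrator needs: it names the router whose filter admitted the packet, which is where the corrected setting belongs.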



Corresponding author: Joshua D. Guttman.

Cite this article

Guttman, J., Herzog, A. Rigorous automated network security management. IJIS 4, 29–48 (2005). https://doi.org/10.1007/s10207-004-0052-x
