PORTO @ Archivio Istituzionale della Ricerca

This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions to select on what to apply the actions, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective to model filtering controls and iptables.

A model of capabilities of Network Security Functions / Basile, C.; Canavese, D.; Regano, L.; Pedone, I.; Lioy, A.. - STAMPA. - (2022), pp. 474-479. (Intervento presentato al convegno 2022 IEEE 8th International Conference on Network Softwarization tenutosi a Milano (Italy) nel 27 June - 1 July 2022) [10.1109/NetSoft54395.2022.9844057].

A model of capabilities of Network Security Functions

Basile C.;Canavese D.;Regano L.;Pedone I.;Lioy A.
2022

Abstract

This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions to select on what to apply the actions, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective to model filtering controls and iptables.
2022
978-1-6654-0694-9
4.1 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
A_model_of_capabilities_of_Network_Security_Functions.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 185.96 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
185.96 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2971490