Abstract:
We focus in this paper on the problem of configuring and managing network security devices, such as Firewalls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This proposed deployment process not only simplifies the security administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.