Universitat Oberta de Catalunya
We focus in this paper on the problem of configuring and managing network security devices, such as Fire-walls, Virtual Private Network (VPN) tunnels, and Intrusion Detection Systems (IDSs). Our proposal is the following. First, we formally specify the security requirements of a given system by using an expressive access control model. As a result, we obtain an abstract security policy, which is free of ambiguities, redundancies or unnecessary details. Second, we deploy such an abstract policy through a set of automatic compilations into the security devices of the system. This proposed deployment process not only simplifies the security administrator's job, but also guarantees a resulting configuration free of anomalies and/or inconsistencies.
English
Computer networks -- Security measures; Computer security; Firewalls (Computer security); Ordinadors, Xarxes d' -- Mesures de seguretat; Informàtica -- Mesures de seguretat; Tallafocs (Seguretat informàtica); Ordenadores, Redes de -- Medidas de seguridad; Informática -- Medidas de seguridad; Cortafuegos (Seguridad informática)
NO
Conferències [67]
