Formal validation of automated policy refinement in the management of network security systems

Policy hierarchies and automated policy refinement are powerful approaches to simplifying the administration of security services in complex network environments. A crucial issue for their practical use is to ensure the validity of the policy hierarchy: since the policy sets for the lower levels are derived automatically from the abstract policies defined by the modeller, we must be sure that the derived policies uphold the high-level ones. This paper builds upon previous work on Model-based Management, particularly on the Diagram of Abstract Subsystems approach, and goes further to propose a formal validation approach for the policy hierarchies yielded by the automated policy refinement process. We establish general validation conditions for a multi-layered policy model, i.e. necessary and sufficient conditions that a policy hierarchy must satisfy so that the lower-level policy sets are valid refinements of the higher-level policies according to the criteria of consistency and completeness. Relying upon these validation conditions and upon axioms about the representativeness of the model, two theorems are proved to ensure compliance between the resulting system behaviour and the abstract policies that are modelled.
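The following is an added illustration, not code from the paper or from the Model-based Management tooling it builds on. It models a two-layer hierarchy in the simplest possible terms: an abstract layer of role-to-service permissions, a mapping (the model) from roles to hosts and from services to endpoints, and a low-level layer of packet-filter rules. The two criteria are interpreted here as set inclusions between the flows the abstract policy permits and the flows the low-level rules actually grant: consistency means the rules grant nothing the abstract policy does not permit, completeness means every permitted flow is granted by some rule. This reading of the criteria, the host/endpoint tables and the rule format are assumptions for the example; the paper's own conditions are stated for its own policy model.

```python
"""Added example: checking a derived packet-filter rule set against the abstract
policy it is supposed to refine, using consistency and completeness as set inclusion.
All hosts, endpoints and permissions below are constructed sample data."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AbstractPermission:
    """High-level policy element: a role may use a service."""
    role: str
    service: str


@dataclass(frozen=True)
class FilterRule:
    """Low-level policy element: allow src_net -> dst_host:dst_port (default deny)."""
    src_net: str   # CIDR notation, e.g. "10.0.1.0/24" or "10.0.1.10/32"
    dst_host: str
    dst_port: int

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and dst == self.dst_host and port == self.dst_port)


# The model (assumed): which hosts realise which role, which endpoints realise which service.
ROLE_HOSTS = {"staff": {"10.0.1.10", "10.0.1.11"}, "guest": {"10.0.1.20"}}
SERVICE_ENDPOINTS = {"web": {("10.0.9.5", 443)}, "mail": {("10.0.9.7", 993)}}

# The abstract policy (constructed sample).
ABSTRACT = {
    AbstractPermission("staff", "web"),
    AbstractPermission("staff", "mail"),
    AbstractPermission("guest", "web"),
}


def permitted_flows(abstract):
    """Interpretation of the abstract policy in low-level terms: the (src, dst, port)
    flows it permits, obtained through the role->host and service->endpoint mapping."""
    return {(h, d, p)
            for perm in abstract
            for h in ROLE_HOSTS[perm.role]
            for (d, p) in SERVICE_ENDPOINTS[perm.service]}


def all_flows():
    """Universe of flows the model can express: every known host to every endpoint."""
    hosts = set().union(*ROLE_HOSTS.values())
    endpoints = set().union(*SERVICE_ENDPOINTS.values())
    return {(h, d, p) for h in hosts for (d, p) in endpoints}


def granted_flows(rules):
    """Flows the low-level rule set accepts; anything unmatched is denied."""
    return {f for f in all_flows() if any(r.matches(*f) for r in rules)}


def validate(abstract, rules):
    """Return (inconsistent, incomplete):
    inconsistent = flows granted by the rules but not permitted by the abstract policy,
    incomplete   = flows permitted by the abstract policy but granted by no rule.
    The rule set is a valid refinement iff both sets are empty."""
    want, have = permitted_flows(abstract), granted_flows(rules)
    return have - want, want - have


def refine(abstract):
    """A deliberately naive refinement: one host-specific rule per permitted flow.
    It is trivially consistent and complete, which validate() confirms."""
    return {FilterRule(f"{h}/32", d, p) for (h, d, p) in permitted_flows(abstract)}


if __name__ == "__main__":
    print("naive refinement:", validate(ABSTRACT, refine(ABSTRACT)))
    # A hand-aggregated rule set that collapses staff into the /24 also admits the
    # guest host to mail: consistency fails and the offending flow is reported.
    aggregated = {FilterRule("10.0.1.0/24", "10.0.9.5", 443),
                  FilterRule("10.0.1.0/24", "10.0.9.7", 993)}
    print("aggregated rules:", validate(ABSTRACT, aggregated))
```

The point of separating `permitted_flows` (what the model says the high level means) from `granted_flows` (what the low level does) is that the validation does not trust the refinement step: any candidate rule set, whether generated or hand-edited, is compared against the interpretation of the abstract policy, and the two difference sets name exactly the flows that break consistency or completeness.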