A model of capabilities of Network Security Functions

Cited by: 4
Authors
Basile, Cataldo [1]
Canavese, Daniele [1]
Regano, Leonardo [1]
Pedone, Ignazio [1]
Lioy, Antonio [1]
Affiliation
[1] Politecn Torino, Dip Automat & Informat, Turin, Italy
Source
PROCEEDINGS OF THE 2022 IEEE 8TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT 2022): NETWORK SOFTWARIZATION COMING OF AGE: NEW CHALLENGES AND OPPORTUNITIES | 2022
Keywords
software networks; security controls; network security functions;
DOI
10.1109/NetSoft54395.2022.9844057
Chinese Library Classification number
TP31 [Computer software];
Subject classification code
081202; 0835;
Abstract
This paper presents a formal model of the features, named security capabilities, offered by the controls used for enforcing security policies in computer networks. It has been designed to support policy refinement and policy translation and address useful, practical tasks in a vendor-independent manner. The model adopts state-of-the-art design patterns and has been designed to be extensible. The model describes the actions that the controls can perform (e.g. deny packets or encrypt flows), the conditions to select on what to apply the actions, how to compose valid configuration rules from them, and how to build configurations from rules. It proved effective to model filtering controls and iptables.
Pages: 474 / 479
Number of pages: 6