Research on modeling for network security policy confliction based on network topology

Title: Research on modeling for network security policy confliction based on network topology
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Li, L., Wu, S., Huang, L., Wang, W.
Conference Name: 2017 14th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP)
Keywords: campus network, Communication networks, Conflict checking, distributed network system, graph theory, IP networks, network devices, Network modeling, network security field, network security policy confliction, Network topology, Peer-to-peer computing, Policy consistency, Protocols, pubcrawl, Routing, security, security policies, security policy model, telecommunication network topology, telecommunication security

The consistency checking of network security policy is an important issue in the network security field, but current studies lack overall security strategy modeling and entire-network checking. In order to check the consistency of policy in a distributed network system, a security policy model is proposed based on network topology, which checks conflicts of security policies for all communication paths in the network. First, the model uniformly describes network devices, domains and links, abstracts the network topology as an undirected graph, and formats the ACL (Access Control List) rules into quintuples. Then, based on the undirected graph, the model searches all possible paths between all domains in the topology and checks quintuple consistency using a classifying algorithm. Experiments in a campus network demonstrate that this model can effectively detect policy conflicts globally in the distributed network and ensure the consistency of the network security policies.
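The path-wise check the abstract describes, as an added illustration that is not the paper's code: the topology and ACL quintuples are constructed, the "classifying algorithm" is not detailed in the abstract, and the two conflict classes used here (devices on one route disagreeing, and routes between the same domains reaching different verdicts) are an assumed definition.

```python
"""Added illustration: path-wise ACL conflict checking over an undirected topology.
The conflict definitions below are an assumption, not the paper's classifying algorithm."""

# Constructed topology: domains (D*) and filtering devices (FW*) as an undirected graph.
TOPOLOGY = {
    "D1": {"FW1", "FW2"}, "FW1": {"D1", "D2"}, "FW2": {"D1", "FW3"},
    "FW3": {"FW2", "D2"}, "D2": {"FW1", "FW3"},
}
# Constructed ACLs as quintuples (src, dst, proto, dport, action); first match wins,
# "*" is a wildcard, and a flow matching no rule is denied.
ACLS = {
    "FW1": [("D1", "D2", "tcp", 22, "permit"), ("*", "*", "*", "*", "deny")],
    "FW2": [("*", "*", "*", "*", "permit")],
    "FW3": [("D1", "D2", "tcp", "*", "deny"), ("*", "*", "*", "*", "permit")],
}
# Constructed flows to check, as (src, dst, proto, dport).
FLOWS = [("D1", "D2", "tcp", 22), ("D1", "D2", "tcp", 80), ("D2", "D1", "udp", 53)]

def decide(device, flow):
    """Evaluate one device's ACL against a flow with first-match semantics."""
    for *pattern, action in ACLS.get(device, []):
        if all(p == "*" or p == f for p, f in zip(pattern, flow)):
            return action
    return "deny"

def all_paths(graph, src, dst, path=()):
    """Enumerate every simple path from src to dst by depth-first search."""
    path = path + (src,)
    if src == dst:
        return [path]
    return [p for nxt in sorted(graph[src]) if nxt not in path
            for p in all_paths(graph, nxt, dst, path)]

def find_conflicts(graph, flows):
    """Report flows whose devices disagree on one route or whose routes disagree."""
    conflicts = []
    for flow in flows:
        verdicts = {}                               # path -> overall permit/deny
        for path in all_paths(graph, flow[0], flow[1]):
            decisions = {dev: decide(dev, flow) for dev in path if dev in ACLS}
            if len(set(decisions.values())) > 1:    # one device's rule is ineffective
                conflicts.append(("intra-path", flow, path, decisions))
            verdicts[path] = "deny" if "deny" in decisions.values() else "permit"
        if len(set(verdicts.values())) > 1:         # reachability depends on the route
            conflicts.append(("inter-path", flow, verdicts))
    return conflicts

if __name__ == "__main__":
    for conflict in find_conflicts(TOPOLOGY, FLOWS):
        print(*conflict)
```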

Citation Key: li_research_2017