Jiajie Xu Hyeon Cha Daniel San Martin Lens 1.  Introduction  Related work and formal approaches  Motivating example  Security Policy Specification.

Presentation transcript:

1 Jiajie Xu Hyeon Cha Daniel San Martin Lens 1

2
- Introduction
- Related work and formal approaches
- Motivating example
- Security Policy Specification Model
- Security Implementation Model
- SAT Based Verification Procedure
- Conclusion

3 3 …..

4
Two major challenges:
1. To check whether the security policy specification contains any conflicting rules.
2. To verify whether the security implementations conform to the enterprise-wide security policy.

5
The research work:
1. Firewall analysis algorithms and tools.
2. Security policy specification languages.
3. Network security analysis using formal approaches.
Formal approaches:
1. The FIREMAN Toolkit (e.g. Network Policy Enforcement tool)
2. SAT based approach

6
The distributed ACL implementation may not satisfy the policy for two reasons:
1. Unlocked hidden service access paths
2. Combined ACL rules may not conform to the policy
Measures: A correct ACL implementation should restrict hidden access paths consistently to satisfy the security policy.

7
Figure: A typical enterprise network. Source: P.Bera, S.K.G, Pallab D, “Policy Based Security Analysis in Enterprise Networks: A Formal Approach”, IEEE, pp

8
Security Policy Specification Language (SPSL)
- Has been proposed to model the network topology and the policy rules in an enterprise.
- Can be classified as:
  1. Network Topology specification
  2. Network Service and Policy rule specification
- The specification generated from this phase defines the enterprise-wide security policy model, G_P.

9
Security Policy Specification Language (SPSL)
1. Network Topology specification
    Zone ZONE_11 [ ];
    Interface int_R12 [ ];
    Router R1 [int_R12, int_R13, int_R14];
2. Network Service and Policy rule specification
   Network Service
    service http = TCP [port = 80];
    service ssh = TCP [port>20 AND port<23];
   Static and Temporal Policy Rules
    deny ssh(ZONE_1, ZONE_2);
    permit telnet([ZONE_11,ZONE_2], ZONE_12);
    deny http(ZONE_1, PROXY)[const = week_day( )];

10
Hidden Access Path Analysis
- To resolve the hidden access paths from the security policy model, G_P, the above formulas need to be represented in terms of 'deny' rules.
- This is done by taking the negation of each of the formulas in the hidden access path model.

11
Translating ACL Rules into Service Flow Rule Base
- Rule header: holds binding information of the rule to an ACL group and the associated network interface.
- Functional clause: holds the functional components of each ACL rule.

12
Generating Conflict-free Topology-independent Implementation Model
The ACL rule base may have various inter-rule conflicts due to rule component dependencies.
- Rule subsuming conflict
    P1 : permit TCP X1, Y1 eq ssh;
    P2 : deny TCP X, Y eq ssh;
- Making these rules conflict-free requires two additional rules:
    P′2 : deny TCP (X-X1), Y eq ssh;
    P′′2 : deny TCP X, (Y-Y1) eq ssh;

13
Generating Conflict-free Topology-independent Implementation Model
The ACL rule base may have various inter-rule conflicts due to rule component dependencies.
- Rule over-riding conflict
    P3 : permit TCP X, Y eq http;
    P4 : deny TCP X, Y eq http;
- Making these rules conflict-free requires deleting P4 from the rule base.
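The two conflict types on slides 12 and 13, worked through as an added example (not code from the presentation or the paper). Rules are (action, source set, destination set, service) tuples, the sets X, X1, Y, Y1 hold constructed sample values, and `make_conflict_free` is a hypothetical helper that applies the slide-12 split and the slide-13 deletion.

```python
from itertools import product

# Constructed sample zones (assumption): X1 is a subset of X, Y1 of Y.
X, X1 = frozenset({"a1", "a2", "a3"}), frozenset({"a1"})
Y, Y1 = frozenset({"b1", "b2"}), frozenset({"b1"})

# Ordered ACL in the slides' notation: (action, source set, destination set, service).
ACL = [
    ("permit", X1, Y1, "ssh"),   # P1
    ("deny",   X,  Y,  "ssh"),   # P2 subsumes P1
    ("permit", X,  Y,  "http"),  # P3
    ("deny",   X,  Y,  "http"),  # P4 is over-ridden by P3
]

def first_match(rules, src, dst, svc, default="deny"):
    """Ordered ACL semantics: the first rule that covers the packet decides."""
    for action, s, d, service in rules:
        if service == svc and src in s and dst in d:
            return action
    return default

def make_conflict_free(rules):
    """Split or drop later rules so that no packet matches two different actions."""
    out = []
    for action, s, d, svc in rules:
        pieces = [(s, d)]
        for p_action, ps, pd, p_svc in list(out):
            if p_svc != svc or p_action == action:
                continue
            # Slide 12 split: (X - X1, Y) and (X, Y - Y1) cover X*Y minus X1*Y1.
            pieces = [q for cs, cd in pieces for q in ((cs - ps, cd), (cs, cd - pd))]
        # Empty pieces mean the rule was fully over-ridden (slide 13): drop it.
        out += [(action, cs, cd, svc) for cs, cd in dict.fromkeys(pieces) if cs and cd]
    return out

def conflicting_packets(rules):
    """Packets for which matching rules disagree, i.e. rule order still matters."""
    bad = []
    for src, dst, svc in product(sorted(X), sorted(Y), ("ssh", "http")):
        actions = {a for a, s, d, sv in rules if sv == svc and src in s and dst in d}
        if len(actions) > 1:
            bad.append((src, dst, svc))
    return bad

CONFLICT_FREE = make_conflict_free(ACL)
```

The rewritten rule base gives the same decision as the ordered ACL for every packet, in any rule order, which is what makes it usable as a topology-independent model.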

14
- Reduces the verification problem into a Boolean function and checks its satisfiability.
Boolean Reduction of Models
- The Boolean reduction of these models requires a functional mapping of the rule components into Boolean variables.
- The rule components include service (protocol, port number), source zone, destination zone, time-constraints and action.
- The policy and ACL implementation rule bases are separately reduced to corresponding Boolean models, and respectively

15
SAT solver and SAT query formation
- The zChaff SAT solver takes a Boolean formula in standard conjunctive normal form (CNF) as query and checks the satisfiability of that formula.
- It is sufficient to check the un-satisfiability of the expression: ⊕.
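An added example (not from the presentation or the paper) of the reduction and query on slides 14 and 15: rule components are mapped to Boolean variables and the policy XOR implementation expression is checked for unsatisfiability. The bit encoding, the default-permit reading of the policy and the sample ACLs are assumptions, time constraints are left out, and exhaustive enumeration over six variables stands in for the zChaff solver.

```python
from itertools import product

# Assumed encoding (not from the slides): two bits per rule component.
SERVICES = {"ssh": 0, "http": 1, "telnet": 2}
ZONES = {"ZONE_1": 0, "ZONE_2": 1, "PROXY": 2}
FIELDS = ((SERVICES, 0), (ZONES, 2), (ZONES, 4))  # (code table, first bit index)
NBITS = 6

def cube(svc=None, src=None, dst=None):
    """Reduce a rule to a conjunction of literals {bit: value}; None means 'any'."""
    lits = {}
    for value, (table, lo) in zip((svc, src, dst), FIELDS):
        if value is not None:
            lits.update({lo + i: bool(table[value] >> i & 1) for i in (0, 1)})
    return lits

def holds(lits, bits):
    return all(bits[i] == v for i, v in lits.items())

def policy_model(deny_cubes):
    """Policy as deny rules with default permit: permit = NOT (d1 OR d2 OR ...)."""
    return lambda bits: not any(holds(c, bits) for c in deny_cubes)

def acl_model(rules, default=False):
    """Ordered ACL as a nested if-then-else over the rule cubes (first match wins)."""
    def permit(bits):
        for action, lits in rules:
            if holds(lits, bits):
                return action == "permit"
        return default
    return permit

def decode(bits):
    """Map an assignment back to (service, source zone, destination zone)."""
    return tuple(next(k for k, v in table.items() if v == bits[lo] + 2 * bits[lo + 1])
                 for table, lo in FIELDS)

def xor_witnesses(policy, impl):
    """Assignments satisfying policy XOR impl; an empty list means UNSAT (conformant)."""
    used = lambda bits: not any(bits[lo] and bits[lo + 1] for _, lo in FIELDS)  # code 3 unused
    return [decode(b) for b in product((False, True), repeat=NBITS)
            if used(b) and policy(b) != impl(b)]

POLICY = policy_model([cube("ssh", "ZONE_1", "ZONE_2"), cube("http", "ZONE_1", "PROXY")])
ACL_MISSING = acl_model([("deny", cube("ssh", "ZONE_1", "ZONE_2")), ("permit", cube())])
ACL_FIXED = acl_model([("deny", cube("ssh", "ZONE_1", "ZONE_2")),
                       ("deny", cube("http", "ZONE_1", "PROXY")), ("permit", cube())])
```

Each witness returned for `ACL_MISSING` is a flow on which the implementation and the policy disagree, so it points at the ACL rule that has to change; `ACL_FIXED` returns no witness.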

16
Implementation and Verification Results
Source: P.Bera, S.K.G, Pallab D, “Policy Based Security Analysis in Enterprise Networks: A Formal Approach”, IEEE, pp

17
- High level modeling of enterprise-wide security policy ( ) using a policy specification language, SPSL.
- Formalizing the hidden access rules and resolving such conflicts from to generate a conflict-free policy model
- Formal modeling of the network topology and distributed ACL implementations which is represented as.
- Boolean reduction of the policy and implementation models, and ; verifying their exact matching using a SAT solver.

18
- Good research of previous related work.
- Simple, easy to follow example to explain key concepts of the approach.
- The time complexity of the algorithm scales to n^2, making it hard to replicate in bigger enterprise environments.
- The number of rules tested does not seem sufficient to be compared to an enterprise network.

19 19

