Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)
Model-driven Extraction and Analysis of Network Security Policies
MODELS 2013
Salvador Martínez¹, Joaquín García-Alfaro², Frédéric Cuppens², Nora Cuppens-Boulahia², Jordi Cabot¹
¹ AtlanMod, INRIA / École des Mines de Nantes
² Télécom Bretagne; LUSSI Department, Université Européenne de Bretagne
October 2013
Introduction
Security is a critical concern...
At the network level, firewalls play a key role.
Why so?
They implement access control policies in networks:
Subjects = Hosts (acting as message senders)
Objects = Hosts (acting as message receivers)
Actions = Message sending to hosts with certain characteristics: Port, Protocol
Confidentiality
Integrity
© AtlanMod – [email protected] 2/31
Introduction
Implementation of a network security policy:
Done generally by hand
Low-level and vendor-specific rule-filtering languages
Topology: policy enforcement is distributed
CONSEQUENCES:
Knowing which policy is actually being enforced is a challenge
Possible security flaws
Hampers evolution
Solution? Raise the abstraction level:
Abstracts from low-level system specificities
Abstracts from topology
Simplifies management of the policy
Motivation
Intranet: private hosts + administrator
DMZ providing: HTTP/HTTPS, FTP, SMTP and SSH
Public hosts
2 firewalls controlling:
Firewall 1: traffic between public hosts and DMZ
Firewall 2: traffic between intranet and DMZ
FW1 Conf.

```
# 1. Default policy: drop everything that no rule accepts
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# 2. Outgoing SMTP from the server; RETURN sends local destinations
#    back to the default DROP policy
iptables -N Out_SMTP
iptables -A FORWARD -s 111.222.1.17 -d 0.0.0.0/0 -p tcp --dport 25 -j Out_SMTP
iptables -A Out_SMTP -d 111.222.0.0/16 -j RETURN
iptables -A Out_SMTP -j ACCEPT

# 3. Incoming SMTP to the server, except from local hosts
iptables -N In_SMTP
iptables -A FORWARD -s 0.0.0.0/0 -d 111.222.1.17 -p tcp --dport 25 -j In_SMTP
iptables -A In_SMTP -s 111.222.0.0/16 -j RETURN
iptables -A In_SMTP -j ACCEPT

# 4. HTTP requests to the server, except from local hosts
iptables -N NetWeb_HTTP
iptables -A FORWARD -s 0.0.0.0/0 -d 111.222.1.17 -p tcp --dport 80 -j NetWeb_HTTP
iptables -A NetWeb_HTTP -s 111.222.0.0/16 -j RETURN
iptables -A NetWeb_HTTP -j ACCEPT
```

Netfilter iptables conf. file using custom chains
1 Default policy
2 Controls outgoing SMTP messages
3 Controls incoming SMTP messages to the server
4 Controls the HTTP requests from the public hosts
5 Local hosts are not allowed to use the services! (the RETURN rules hand local traffic back to the default DROP policy)
Fw2 Conf.

```
! 1. Incoming SMTP to the server: two hosts denied, the rest of the subnet permitted
access-list eth1_acl_in remark Fw2Policy 0 (global)
access-list eth1_acl_in deny tcp host 111.222.2.54 host 111.222.1.17 eq 25
access-list eth1_acl_in remark Fw2Policy 1 (global)
access-list eth1_acl_in deny tcp host 111.222.2.53 host 111.222.1.17 eq 25
access-list eth1_acl_in remark Fw2Policy 2 (global)
access-list eth1_acl_in permit tcp 111.222.2.0 255.255.255.0 host 111.222.1.17 eq 25
! 2. HTTP requests: same pattern for port 80
access-list eth1_acl_in remark Fw2Policy 4 (global)
access-list eth1_acl_in deny tcp host 111.222.2.54 host 111.222.1.17 eq 80
access-list eth1_acl_in remark Fw2Policy 5 (global)
access-list eth1_acl_in deny tcp host 111.222.2.53 host 111.222.1.17 eq 80
access-list eth1_acl_in remark Fw2Policy 3 (global)
access-list eth1_acl_in permit tcp 111.222.2.0 255.255.255.0 host 111.222.1.17 eq 80
! 3. Bind the access list to the interface
access-group eth1_acl_in in interface eth1
```

Cisco PIX conf. file
1 Controls incoming SMTP messages to the server
2 Controls the HTTP requests
3 Adds the rules to the interface
Example: Evaluation
Expert knowledge about Netfilter iptables and Cisco PIX is required:
Its syntax
Its execution semantics
The topology has to be known to ease the understanding of the policy of the individual firewalls.
All the firewalls have to be taken into account to derive a global policy.
Some numbers: M: number of firewalls and N: number of rules
Big companies: M >> N; example BNP network: M ≈ 1000, N ≈ 100
Small companies: N >> M
Manual approach?
For corporate networks, M (potentially from different vendors) and N are big enough to make the task very hard.
Approach
Solution? Raise the abstraction level:
Abstracts from low-level system specificities
Abstracts from topology
Simplifies management of the policy
Our proposal
Model-driven extraction process towards a network access-control model representing the global policy of the system.
Approach: Injection
Mere translation between technical spaces:
No information loss
Same abstraction level
Requirements: for each different rule-filtering language we need
A PSM
A parser
An injector
We can obtain this by providing the language grammar to Xtext
Implementation: Xtext

```
Model:
    rules += Rule*;
Rule:
    AccessGroup | AccessList;
AccessGroup:
    'access-group' id=ID 'in' 'interface' interface=Interface;
Interface:
    id=ID;
AccessList:
    ('no')? 'access-list' id=ID decision=('deny' | 'permit') protocol=Protocol
    protocolObjectGroup=ProtocolObjectGroup
    serviceObjectGroup=ServiceObjectGroup
    networkObjectGroup=NetworkObjectGroup;
ProtocolObjectGroup:
    (pogId=ID)? sourceAddress=IPExpr sourceMask=MaskExpr;
ServiceObjectGroup:
    targetAddress=IPExpr targetMask=IPExpr;
NetworkObjectGroup:
    operator=Operator port=INT;
Operator:
    name=('eq' | 'lt' | 'gt');
Protocol:
    name=('tcp' | 'udp' | 'ip');
IPExpr:
    INT '.' INT '.
```

Figure: Cisco metamodel excerpt
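As an added example (this is not the paper's Xtext-generated injector), the hand-written injector below parses the Cisco PIX ACL subset covered by the grammar above into platform-independent connection records. The ACL text is the FW2 configuration from the slides; the function names and record fields are this example's own.

```python
"""Added example (not the paper's Xtext injector): a hand-written injector
for the Cisco PIX ACL subset described by the grammar above. Each
access-list entry becomes a platform-independent record (order, decision,
protocol, source, target, operator, port); remarks attach to the entry that
follows them and access-group lines record the interface binding."""
from ipaddress import ip_network

# The FW2 configuration from the slides.
FW2_CONF = """\
access-list eth1_acl_in remark Fw2Policy 0 (global)
access-list eth1_acl_in deny tcp host 111.222.2.54 host 111.222.1.17 eq 25
access-list eth1_acl_in remark Fw2Policy 1 (global)
access-list eth1_acl_in deny tcp host 111.222.2.53 host 111.222.1.17 eq 25
access-list eth1_acl_in remark Fw2Policy 2 (global)
access-list eth1_acl_in permit tcp 111.222.2.0 255.255.255.0 host 111.222.1.17 eq 25
access-list eth1_acl_in remark Fw2Policy 4 (global)
access-list eth1_acl_in deny tcp host 111.222.2.54 host 111.222.1.17 eq 80
access-list eth1_acl_in remark Fw2Policy 5 (global)
access-list eth1_acl_in deny tcp host 111.222.2.53 host 111.222.1.17 eq 80
access-list eth1_acl_in remark Fw2Policy 3 (global)
access-list eth1_acl_in permit tcp 111.222.2.0 255.255.255.0 host 111.222.1.17 eq 80
access-group eth1_acl_in in interface eth1
"""


def take_address(tokens: list) -> str:
    """Consume one PIX address spec ('host A', 'any' or 'A MASK') from the
    front of `tokens` and return it normalised to CIDR notation."""
    head = tokens.pop(0)
    if head == "any":
        return "0.0.0.0/0"
    if head == "host":
        return str(ip_network(tokens.pop(0) + "/32"))
    mask = tokens.pop(0)
    return str(ip_network(f"{head}/{mask}", strict=False))


def inject_pix(conf_text: str):
    """Parse a PIX configuration into (rules, bindings).
    rules: one dict per permit/deny entry, ordered as in the file (the
    'order' field is the rule's position, which the PSM2PIM step needs).
    bindings: access-list name -> {'direction', 'interface'}."""
    rules, bindings, pending_remark = [], {}, None
    for line in conf_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "access-group":
            # access-group <acl> <in|out> interface <ifname>
            bindings[tokens[1]] = {"direction": tokens[2], "interface": tokens[4]}
            continue
        if tokens[0] != "access-list":
            raise ValueError(f"unsupported line: {line}")
        acl, kind = tokens[1], tokens[2]
        if kind == "remark":
            pending_remark = " ".join(tokens[3:])
            continue
        if kind not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL entry: {line}")
        rest = tokens[3:]
        proto = rest.pop(0)
        src = take_address(rest)
        dst = take_address(rest)
        # Optional port operator, e.g. 'eq 25'; absent means any port.
        op, port = (rest[0], int(rest[1])) if rest else (None, None)
        rules.append({
            "acl": acl, "order": len(rules),
            "decision": "Accept" if kind == "permit" else "Deny",
            "protocol": proto, "source": src, "target": dst,
            "operator": op, "port": port, "remark": pending_remark,
        })
        pending_remark = None
    return rules, bindings


if __name__ == "__main__":
    parsed_rules, parsed_bindings = inject_pix(FW2_CONF)
    for r in parsed_rules:
        print(r)
    print(parsed_bindings)
```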
Implementation: Xtext

```
Model:
    rules += Rule*;
Rule:
    declaration=ChainDeclaration | filter=FilterDeclaration;
FilterDeclaration:
    filter=FilteringSpec;
FilteringSpec:
    FilterSpec;
FilterSpec:
    'iptables' option=('-A' | '-D' | '-P') chain=Chain
    (('-src' | '-s') ip=IPExpr)?
    ('-i' interface=Interface)?
    ('-d' ipDst=IPExpr)?
    ('-p' protocol=Protocol)?
    ('-m' matches=Protocol)?
    ('--sport' sourcePort=INT)?
    ('--dport' destinationPort=INT)?
    ('-j')? target=Target;
Interface:
    name=ID;
Protocol:
    Tcp | Udp | Icmp;
Target:
    ID;
Chain:
    chainName=ID;
CustomChain:
    name=[ChainName];
ChainDeclaration:
    'iptables' '-N' ChainName;
ChainName:
    name=ID;
IPExpr:
    INT '.' INT '.
```

Figure: iptables metamodel excerpt
Approach
Solution? Raise the abstraction level:
Abstracts from low-level system specificities
Abstracts from topology
Simplifies management of the policy
Approach: PSM2PIM
Simplest PIM: Ri : {conditions} → {decision}
i: order within the conf file
condition: a set of rule-matching attributes like the IP source address
decision: accept or deny
Problems?
Highly redundant and dispersed
Not suited to represent exception-oriented access control
Anomalies (positive/negative logic conflicts + execution algorithm)
Metamodel
Network Access-control Metamodel
Platform-independent
Supports the representation of exceptions
Supports the identification of anomalies
PSM2PIM
First step: transform the PSM into the corresponding PIM
Rule shadowing: a rule R is shadowed when it never applies because another rule with higher priority matches all the packets it may match.
Rule redundancy: a rule R is redundant when it is not shadowed and removing it from the rule set does not change the security policy.
Rule irrelevance: a rule R is irrelevant when it is meant to match packets that do not pass through the given firewall.
Second step: PIM refinement
Improves internal organization: representation of exceptions
Detection of anomalies
PSM2PIM refining algorithm 1
Algorithm 1
 1: C ← All Connections
 2: Caccept ← Ci ∈ C (Ci.decision = Accept)
 3: for each Ci ∈ Caccept do
 4:   Cdeny ← Cj ∈ C (Cj.decision = Deny and matched(Cj) ⊆ matched(Ci))
 5:   for each Cj ∈ Cdeny do
 6:     if Cj.order < Ci.order then
 7:       Create Exception
 8:       Remove Cj
 9:     else
10:       Cj.IsShadowed ← true
11:     end if
12:   end for
13: end for
14: Cdeny ← Cj ∈ C (Cj.decision = Deny and Cj.isShadowed = false)
15: for each Cj ∈ Cdeny do
16:   Cj.IsRedundant ← true
17: end for
![Page 42: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/42.jpg)
Implementation: ATL
```atl
-- Refining-mode ATL rules implementing Algorithm 1 on the firewall PSM.
-- thisModule.TotalExceptionRules and thisModule.ShadowedRules are helpers
-- holding the Deny rules classified by the ordering test of Algorithm 1.
rule deleteDeny {
    from
        s : NetworkAC!Connection (s.decision = #Deny and
            thisModule.TotalExceptionRules.includes(s))
    to
        drop
        t : NetworkAC!Exception (
            decision <- s.decision,
            dstPort  <- s.dstPort,
            firewall <- s.firewall,
            order    <- s.order,
            protocol <- s.protocol,
            source   <- s.source,
            srcPort  <- s.srcPort,
            target   <- s.target
        )
}

rule MarkShadowed {
    from
        s : NetworkAC!Connection (s.decision = #Deny and
            thisModule.ShadowedRules.includes(s))
    to
        t : NetworkAC!Connection (
            isShadowed <- true
        )
}

rule MarkRedundant {
    from
        s : NetworkAC!Connection (s.decision = #Deny and
            thisModule.ShadowedRules.excludes(s) and
            thisModule.TotalExceptionRules.excludes(s))
    to
        t : NetworkAC!Connection (
            isRedundant <- true
        )
}
```
![Page 43: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/43.jpg)
Approach
Solution? Raise abstraction level
Abstracts from low-level system specificities
Abstracts from topology
Simplifies management of the policy
![Page 45: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/45.jpg)
PIM Aggregation
An individual firewall gives only a partial vision of the security enforced in the whole network. E.g., access to the SMTP service is managed by both firewalls, one allowing access from the public host and one allowing access from the intranet.
We need to aggregate the individual models!!
REVERSIBLE: Each Connection keeps original firewall and rule ordering.
GlobalModel = M_i ∪ M_j ∪ … ∪ M_n
Refinement to assign types to Network Elements
![Page 47: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/47.jpg)
Applications: Refinement
Individual firewalls may contain only locally relevant information.
We need to discern between locally and globally relevant information!!
The global model is easier to understand
Isolate the policy from the enforcement topology
Algorithm 2
```
1:  C ← All Connections
2:  E ← All Exceptions
3:  for each Ei ∈ E do
4:      L ← Ci ∈ C (Ci.firewall ≠ Ei.firewall and Matched(Ci) ⊆ Matched(Ei))
5:      if L ≠ ∅ then
6:          Ei.IsLocal ← true
7:          for each Ci ∈ L do
8:              Ci.IsLocal ← true
9:          end for
10:     end if
11: end for
```
![Page 48: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/48.jpg)
Applications: Metrics & queries

We query our model for the existence of any connection allowing the administrator host (111.222.2.54) to connect to the server (111.222.1.17):
Evaluating:

```ocl
self.connections->exists(e | e.source.ipAddr = '111.222.2.54'
                             and e.target.ipAddr = '111.222.1.17')
```

Results: false
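Algorithm 1 (PSM2PIM refining), Algorithm 2 (local vs. global information) and the query above, worked through in Python as an added example; this is not the authors' ATL or OCL code, and the two-firewall rule set is constructed. It assumes that a rule is a (source, target, protocol, destination port) filter with '*' as wildcard, that Matched(C) is computed over a small constructed packet universe so that containment is plain set inclusion, and that the firewalls are default-deny, which is what makes a Deny rule covered by no Accept rule redundant. It also settles one point the slide leaves open: Accept rules are visited in firewall order, so the first one covering a Deny decides whether that Deny is shadowed or becomes an Exception. The slide's literal query is kept as connection_exists, next to packet_covered, the containment check a practitioner wants beside it because a wildcard-source Connection that lets the administrator through is invisible to a literal comparison of ipAddr.

```python
"""Algorithms 1 and 2 and the connection query, worked through in Python.

Added example, not the authors' ATL/OCL code. A rule is a (src, dst, proto,
dport) filter with '*' as wildcard; Matched(C) is the set of packets of a
small constructed universe the rule matches; the firewalls are assumed to be
default-deny, which is why a Deny covered by no Accept is reported redundant.
"""
from dataclasses import dataclass
from itertools import product

HOSTS = ["111.222.2.54", "111.222.2.55", "111.222.1.17", "111.222.1.18"]
UNIVERSE = list(product(HOSTS, HOSTS, ["tcp", "udp"], [22, 25, 80]))  # constructed


@dataclass
class Rule:
    firewall: str
    order: int                  # position in its firewall, 1 = evaluated first
    decision: str               # "Accept" or "Deny"
    src: str = "*"
    dst: str = "*"
    proto: str = "*"
    dport: object = "*"
    is_exception: bool = False  # Algorithm 1: Deny turned into an Exception
    is_shadowed: bool = False   # Algorithm 1
    is_redundant: bool = False  # Algorithm 1
    is_local: bool = False      # Algorithm 2

    def matched(self):
        """Packets of UNIVERSE this rule matches (Matched(C))."""
        want = (self.src, self.dst, self.proto, self.dport)
        return frozenset(p for p in UNIVERSE
                         if all(w == "*" or w == v for w, v in zip(want, p)))


def refine(rules):
    """Algorithm 1, per firewall. Accept rules are visited in firewall order
    (assumption; the slide leaves it open), so the first Accept covering a
    Deny decides: Deny placed before it -> Exception, after it -> shadowed.
    Deny rules covered by no Accept are redundant under default-deny."""
    for fw in sorted({r.firewall for r in rules}):
        fw_rules = sorted((r for r in rules if r.firewall == fw), key=lambda r: r.order)
        for ci in (r for r in fw_rules if r.decision == "Accept"):
            mi = ci.matched()
            for cj in fw_rules:
                if cj.decision != "Deny" or cj.is_exception or cj.is_shadowed:
                    continue
                if cj.matched() <= mi:          # Matched(Cj) ⊆ Matched(Ci)
                    if cj.order < ci.order:
                        cj.is_exception = True  # "Create Exception; Remove Cj"
                    else:
                        cj.is_shadowed = True
        for cj in fw_rules:
            if cj.decision == "Deny" and not (cj.is_exception or cj.is_shadowed):
                cj.is_redundant = True
    return rules


def localize(rules):
    """Algorithm 2 on the aggregated model: an Exception whose traffic some
    other firewall's Connection accepts is local, and so is that Connection."""
    connections = [r for r in rules if r.decision == "Accept"]
    for ei in (r for r in rules if r.is_exception):
        covered = [c for c in connections
                   if c.firewall != ei.firewall and c.matched() <= ei.matched()]
        if covered:
            ei.is_local = True
            for c in covered:
                c.is_local = True
    return rules


def connection_exists(rules, src_ip, dst_ip, global_only=False):
    """The slide's OCL query, comparing ipAddr literally: a wildcard-source
    Connection that also lets src_ip through is NOT reported."""
    return any(r.decision == "Accept" and r.src == src_ip and r.dst == dst_ip
               and not (global_only and r.is_local) for r in rules)


def packet_covered(rules, packet, global_only=True):
    """Containment check to run next to the literal query."""
    return any(r.decision == "Accept" and not (global_only and r.is_local)
               and packet in r.matched() for r in rules)


def sample_model():
    """Constructed PSMs of two firewalls (not the paper's case study)."""
    admin, server = "111.222.2.54", "111.222.1.17"
    return [
        Rule("fw1", 1, "Deny", src=admin, dst=server, proto="tcp", dport=22),
        Rule("fw1", 2, "Accept", dst=server, proto="tcp", dport=22),
        Rule("fw1", 3, "Accept", dst=server, proto="tcp", dport=25),
        Rule("fw1", 4, "Deny", src="111.222.2.55", dst=server, proto="tcp", dport=25),
        Rule("fw1", 5, "Deny", dst="111.222.1.18", proto="udp"),
        Rule("fw2", 1, "Accept", src=admin, dst=server, proto="tcp", dport=22),
    ]


if __name__ == "__main__":
    model = localize(refine(sample_model()))
    for r in model:
        print(r.firewall, r.order, r.decision, "exception" * r.is_exception,
              "shadowed" * r.is_shadowed, "redundant" * r.is_redundant, "local" * r.is_local)
    print(connection_exists(model, "111.222.2.54", "111.222.1.17", global_only=True))
```

Running the block lists every rule with its flags: fw1's first Deny becomes an Exception and, together with fw2's matching Accept, is marked local; fw1's fourth rule is shadowed and its fifth is redundant. The literal query over global connections is false, while packet_covered reports the administrator-to-server SSH packet as allowed, because fw1 admits SSH to the server from any source.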
![Page 52: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/52.jpg)
Applications: PIM 2 XACML
| XACML | PIM Metamodel |
| --- | --- |
| PolicySet | A PolicySet containing a Policy is created for each firewall in the PIM |
| Policy | All the Connections and Exceptions belonging to a given firewall |
| Rule | A single Connection or Exception |
| Subject | Source NetworkElement address and source port of a given Connection or Exception |
| Resource | Target NetworkElement address and target port of a given Connection or Exception |
| Action | Not mapped. The action is always the ability of sending a message. |
| Condition | Protocol field |

Table: PIM to XACML Mappings
![Page 53: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/53.jpg)
Applications: PIM 2 XACML
```xml
<Rule Effect="Deny" RuleId="1">
  <Description />
  <Target>
    <Subjects>
      <Subject>
        <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">111.222.2.54</AttributeValue>
          <SubjectAttributeDesignator />
        </SubjectMatch>
      </Subject>
    </Subjects>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">111.222.1.17</AttributeValue>
          <ResourceAttributeDesignator />
        </ResourceMatch>
      </Resource>
    </Resources>
  </Target>
  <Condition>
    <SubjectAttributeDesignator AttributeId="protocol" DataType="http://www.w3.org/2001/XMLSchema#string" />
  </Condition>
</Rule>
```
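The mapping table applied in code, as an added example that is not the authors' XPAND template. It takes a small constructed PIM (dicts for Connections and Exceptions, using the addresses of the slide), builds one PolicySet per firewall with one Policy holding that firewall's Rules in their original order, and uses the XACML first-applicable combining algorithms so that evaluation reproduces first-match filtering; a '*' address maps to AnySubject/AnyResource, and the protocol Condition is written as an Apply of string-equal, which the fragment on the slide leaves out. Attribute ids such as source-ip and target-port are assumptions of this example.

```python
"""PIM -> XACML generation following the PIM-to-XACML mapping table.

Added example, not the authors' XPAND template. Assumptions: the PIM is a list
of dicts; one PolicySet per firewall holds one Policy whose Rules keep the
firewall order under first-applicable; '*' maps to AnySubject/AnyResource;
the protocol Condition is an Apply of string-equal; attribute ids are invented.
"""
import xml.etree.ElementTree as ET

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
STRING_ONE_AND_ONLY = "urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"
FIRST_APPLICABLE_RULE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
FIRST_APPLICABLE_POLICY = "urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable"

# Constructed PIM fragment: an Exception and the Connection it refines.
SAMPLE_PIM = [
    {"firewall": "fw1", "order": 1, "decision": "Deny", "source": "111.222.2.54",
     "srcPort": None, "target": "111.222.1.17", "dstPort": 22, "protocol": "tcp"},
    {"firewall": "fw1", "order": 2, "decision": "Accept", "source": "*",
     "srcPort": None, "target": "111.222.1.17", "dstPort": 25, "protocol": "tcp"},
]


def _match(kind, attribute_id, value):
    """<SubjectMatch>/<ResourceMatch>: attribute_id string-equals value."""
    m = ET.Element(kind + "Match", MatchId=STRING_EQUAL)
    ET.SubElement(m, "AttributeValue", DataType=XS_STRING).text = str(value)
    ET.SubElement(m, kind + "AttributeDesignator", AttributeId=attribute_id, DataType=XS_STRING)
    return m


def _side(target, kind, address, port, attr_prefix):
    """<Subjects>/<Resources>: address and port of one side of the rule."""
    plural = ET.SubElement(target, kind + "s")
    if address == "*" and port is None:
        ET.SubElement(plural, "Any" + kind)  # wildcard side, no match elements
        return
    one = ET.SubElement(plural, kind)
    if address != "*":
        one.append(_match(kind, attr_prefix + "-ip", address))
    if port is not None:
        one.append(_match(kind, attr_prefix + "-port", port))


def rule_element(elem, rule_id):
    """One Connection/Exception -> one <Rule>: Subject = source address and
    port, Resource = target address and port, Condition = protocol; the
    Action (sending a message) is not mapped, as the table says."""
    effect = "Permit" if elem["decision"] == "Accept" else "Deny"
    rule = ET.Element("Rule", Effect=effect, RuleId=str(rule_id))
    ET.SubElement(rule, "Description").text = "%s rule %d" % (elem["firewall"], elem["order"])
    target = ET.SubElement(rule, "Target")
    _side(target, "Subject", elem["source"], elem.get("srcPort"), "source")
    _side(target, "Resource", elem["target"], elem.get("dstPort"), "target")
    cond = ET.SubElement(rule, "Condition")
    eq = ET.SubElement(cond, "Apply", FunctionId=STRING_EQUAL)
    bag = ET.SubElement(eq, "Apply", FunctionId=STRING_ONE_AND_ONLY)
    ET.SubElement(bag, "SubjectAttributeDesignator", AttributeId="protocol", DataType=XS_STRING)
    ET.SubElement(eq, "AttributeValue", DataType=XS_STRING).text = elem["protocol"]
    return rule


def policy_sets(pim):
    """One PolicySet per firewall, each with one Policy holding that firewall's
    rules in their original order (first-applicable keeps first-match)."""
    result = {}
    rule_id = 0
    for fw in sorted({e["firewall"] for e in pim}):
        ps = ET.Element("PolicySet", PolicySetId=fw, PolicyCombiningAlgId=FIRST_APPLICABLE_POLICY)
        policy = ET.SubElement(ps, "Policy", PolicyId=fw + "-policy",
                               RuleCombiningAlgId=FIRST_APPLICABLE_RULE)
        for e in sorted((e for e in pim if e["firewall"] == fw), key=lambda e: e["order"]):
            rule_id += 1
            policy.append(rule_element(e, rule_id))
        result[fw] = ps
    return result


def to_xml(pim):
    """Serialise every firewall's PolicySet to a string."""
    return {fw: ET.tostring(ps, encoding="unicode") for fw, ps in policy_sets(pim).items()}


if __name__ == "__main__":
    for fw, xml in to_xml(SAMPLE_PIM).items():
        print(fw)
        print(xml)
```

Keeping the firewall's rule order inside a first-applicable Policy is what preserves the Exception-before-Connection semantics of the PIM; with a different combining algorithm, such as permit-overrides, the Deny exception would be silently overridden by the Connection it refines.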
![Page 54: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/54.jpg)
Implementation
Eclipse-based implementation
EMF as modelling framework
XTEXT as DSL definition framework
ATL as transformation framework
XPAND as Model to Text framework
http://www.emn.fr/z-info/atlanmod/index.php/Firewall_Reverse_Engineering
![Page 60: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/60.jpg)
Conclusions & Future Works
MDE succeeds in isolating the policy from low-level specificities
Easier to understand
Easier to manipulate (reusability of proved MDE tools)
Enables migration and evolution.
Future Works
Extend to other network components, such as MPLS routers, IDS, etc.
Extend XACML with network-specific attributes
Apply our approach to real corporate networks
![Page 68: Model-driven Extraction and Analysis of Network Security Policies (at MoDELS'13)](https://reader030.fdocuments.net/reader030/viewer/2022020207/554f46ebb4c905524c8b469c/html5/thumbnails/68.jpg)
Thank you!
Contact:
Salvador Martínez
AtlanMod, INRIA and École des Mines de Nantes
salvador.martinez [email protected]