DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

More documents

Recommendations

Info

Security Analysis and ValidationAnalysis and deployment of security policiesResearch Staff : Frédéric Cuppens, Nora Cuppens-Boulahia, Laurent ToutainPh.D. Students: Stere PredaKeywords : Security component configuration, rule rewriting, policy aggregationApplications : Automatic deployment of security policiesPartners & Funding : partially funded by ANR in the framework of the RNRT Politess project and byConseil Régional de Bretagne through the Sec6 grant.IntroductionThe configuration of network securitycomponents, such as firewalls and networkintrusion detection systems (NIDSs), is usuallybased on the distribution of security rules thatstate what is permitted and what is prohibitedin a system during normal operations. Thisconfiguration must be consistent, addressingthe same decisions under equivalentconditions, and not repeating the same actionsmore than once. Otherwise, the existence ofanomalies in these rules may lead to weaksecurity policies (potentially easy to be evadedby unauthorized parties). Our research workproposes the combination of two mainstrategies in order to manage this problem.The first strategy is the use of an auditmechanism that analyzes already deployedconfigurations, signals inconsistencies, andyields consistent configurations. Moreover,through this mechanism we can fold existingpolicies and create a consistent and global setof rules — easy to maintain and manage byusing a single syntax. The second strategy isthe use of a refinement mechanism thatguarantees the proper deployment of suchrules into the system, yet free ofinconsistencies.This work was partially done in Politess(POLitiques de sécurité pour des systèmesd’information en réseau: modélisation,déploiement, TESt et surveillance), a RNRTproject, which aims at improving theconfidence in security policies by the use ofdeployment, monitoring techniques andconformance testing.RealizationTo achieve the automatic deployment ofsecurity rules, we first express formally thesecurity policy to be enforced using the OrBACmodel (Organization Base Access Control).Then we take advantage of the hierarchicalstructure of OrBAC entities (organizations,roles, activities, views contexts, permissionsand prohibitions) to automatically derive otherprivileges using the inheritance mechanisms.So the inheritance of positive or negativeauthorizations (permissions and prohibitions)has been analyzed and formally stated [1].Conflict Management has also been studied.The derivation of the security rules is a threephaseprocess (see figure below).Or-BAC NetworkSecurity policyXMLGenericXSLTXSLTrulesfirewallXMLCheckpoint . . . PIX rules NetFilter IpFilter . . .rulesrulesrulesThe process has been used to generatesecurity rules for an open source firewall(Netfilter), Netasq IPS (Intrusion ProtectionSystem) and also for the intrusion detectionsystem Snort [2].Our proposed strategies have beenimplemented as an extension of a softwareprototype called MIRAGE (which stands forMIconfiguRAtion manaGEr). Actually, MIRAGEimplements two different approaches. First,MIRAGE implements an audit process to detectand fix configuration errors over componentsalready deployed. Second, MIRAGE alsoimplements a refinement process to properlydeploy the global set of rules over the system'scomponents [3]. This refinement mechanismguarantees that the set of rules deployed over32 Extract of Pracom’s Annual Report 2008
the different components is consistent and notredundant.ConclusionAs work in progress, we are currently studyinghow to extend our approach in the case wherethe security architecture includes IPv6 devices.More specifically, the construction of new VPNtunnels (e.g., IPv6-over-IPv4) for IPv6networks must be revised, and moreinvestigation has to be done in order to extendthe approach aforementioned. In parallel tothis work, we are also extending our approachto make cooperate routing and tunnellingpolicies.and deploy a network security policy. SecondWorkshop on Formal Aspects in Security andTrust (FAST). Toulouse, France. August 2004.[2] S. Preda, N. Cuppens-Boulahia, F.Cuppens, J. Garcia-Alfaro, L. Toutain. ReliableProcess for Security Policy Deployment.International Conference on Security andCryptography (Secrypt 2007), Barcelona,Spain, July 2007.[3] J. G. Alfaro, F. Cuppens, and N. Cuppens-Boulahia. “Aggregating and Deploying NetworkAccess Control Policies”. In 2nd InternationalConference on Availability, Reliability andSecurity (ARES 2007), April 2007.References[1] F. Cuppens, N. Cuppens-Boulahia, T. Sansand A. Miège. A formal approach to specifyExpression of security policiesResearch Staff : Frédéric Cuppens, Nora Cuppens-Boulahia, Fabien AutrelKeywords : Security policy, OrBACApplications : Security policy specificationPartners & Funding : partially funded by ANR in the framework ot the SETIN Polux projectIntroductionCurrent information systems have to facemany threats that attempt to exploit theirvulnerabilities. Moreover, since informationsystems tend to be increasingly complex,specifying their security policy is a tedious anderror-prone task. In this context, specifyingconsistent, relevant and complete securitypolicies of information systems is a majorchallenge for researchers.There are many advantages of using a formalapproach to specify the policy: (1) It providesnon ambiguous specification of securityrequirements, (2) It is possible to developsupport tools to formally analyze theserequirements, (3) It is also possible to developsupport tools to assist the securityadministrator in the task of automaticallydeploying these requirements over a securityarchitecture.A security policy may actually specify verydifferent security requirements. The literaturehas primarily focused on access control andinformation flow control requirements andmore recently on authentication and usagecontrol requirements. Specifying administrationand delegation policies is also a more andmore important issue, especially in the contextof pervasive distributed systems. Finally, thesecurity policy should also specifyrequirements that apply when some intrusionsoccur. They are called reaction requirementsand are also part of the security policy.The ANR SETIN POLUX project (Policy UnifiedExpression) aims to define an environment toexpress access and usage control policies andapply it to a set of components performingprotection, detection and reactionfunctionalities. The security policy must bespecified using precise and non ambiguousformal languages in order to prove the formalverification and validation of the security policydeployment over heterogeneous systems.Pracom’s Annual Report 2008 33
Page 2 and 3:
Présentation générale...........
Page 4 and 5:
Activités d’enseignementLe dépa
Page 6 and 7:
Activités de rechercheLe départem
Page 8 and 9: Notre implication dans les organism
Page 10 and 11: le cadre du projet NextTV4all où l
Page 12 and 13: cloisonnement par domaine tels qu
Page 14 and 15: - le GIS ITS (Intelligent Transport
Page 16 and 17: Twente aux Pays Bas, Université de
Page 18 and 19: Liste des doctorants présents en 2
Page 20 and 21: Annexe 2 : liste des publicationsAr
Page 22 and 23: COMA-BREBEL Céline, CUPPENS Nora,
Page 24 and 25: PHAN LE Cam Tu, CUPPENS Frédéric,
Page 26 and 27: Annexe 3 : description détaillée
Page 28 and 29: Access Control ....................
Page 30 and 31: schemes specifically suitable for l
Page 32 and 33: An easy-to-use solution for IPv6 co
Page 34 and 35: Loss Synchronization and Router Buf
Page 36 and 37: Sensor NetworksRandom Walk Techniqu
Page 38 and 39: Suppressing Neighbor Discovery in W
Page 40 and 41: Media and NetworksIP-based transmis
Page 42 and 43: One of the most difficult aspects o
Page 44 and 45: Another direction is the associatio
Page 46 and 47: classes. In our simple study case,
Page 48 and 49: Management of Multiple Access Netwo
Page 50 and 51: Adaptation of Multimedia Flows in a
Page 52 and 53: Optimized mobility management in he
Page 54 and 55: ecause it offers a generic framewor
Page 56 and 57: Future workOur next step is to fina
Page 60 and 61: RealizationFigure 1 shows a classif
Page 62 and 63: Policy AdministrationResearch Staff
Page 64 and 65: execution in a distributed manner.
Page 66 and 67: Intrusion DetectionDetection and co
Page 68 and 69: eported alerts have to be managed b
Page 70 and 71: inside the corresponding detection
Page 72 and 73: function has a limitation that it d
Page 74 and 75: 1) Normal Node behavior simulation:
Page 76 and 77: negotiation. These strategies speci
Page 78 and 79: A Fast Adaptative Secure Technology
Page 80 and 81: estricted to the organization to wh
Page 82 and 83: ights and external identities, and
Page 84 and 85: Peer 2 peerP2PIm@gesResearch Staff
Page 86 and 87: Managing a Peer-to-Peer Storage Sys
Page 88 and 89: Applications of networks to transpo
Page 90 and 91: Adaptive Application Support in Mob
Page 92 and 93: Wireless Mesh NetworksResearch Staf
Page 94 and 95: TestbedsA showroom for practical IP
Page 96 and 97: egistrar and proxies, video streami
show all

DÃ©partement RÃ©seau, SÃ©curitÃ© et MultimÃ©dia Rapport d'ActivitÃ©s 2008

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?