Verifiable Policy-defined Networking for Security Management

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen, Marian Mihailescu, Michelle McClintock

2016

Abstract

A common goal in network management is security. Reliable security requires confidence in the level of protection provided. But many obstacles hinder reliable security management; the most prominent is the lack of built-in verifiability in existing management paradigms. This shortfall makes it difficult to provide assurance that the expected security outcome is consistent pre- and post-deployment. Our research tackles the problem from first principles: we identify the verifiability requirements of robust security management, evaluate the limitations of existing paradigms and propose a new paradigm with verifiability built in: Formally-Verifiable Policy-Defined Networking (FV-PDN). In particular, we pay attention to firewalls, which protect network data and resources from unauthorised access. We show how FV-PDN can be used to configure firewalls reliably in mission-critical networks to protect them from cyber attacks.



Paper Citation


in Harvard Style

Ranathunga D., Roughan M., Kernick P., Falkner N., Nguyen H., Mihailescu M. and McClintock M. (2016). Verifiable Policy-defined Networking for Security Management. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 344-351. DOI: 10.5220/0005990303440351

in Bibtex Style

@conference{secrypt16,
author={Dinesha Ranathunga and Matthew Roughan and Phil Kernick and Nick Falkner and Hung Nguyen and Marian Mihailescu and Michelle McClintock},
title={Verifiable Policy-defined Networking for Security Management},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={344-351},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005990303440351},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Verifiable Policy-defined Networking for Security Management
SN - 978-989-758-196-0
AU - Ranathunga D.
AU - Roughan M.
AU - Kernick P.
AU - Falkner N.
AU - Nguyen H.
AU - Mihailescu M.
AU - McClintock M.
PY - 2016
SP - 344
EP - 351
DO - 10.5220/0005990303440351