Lightbulb: A Toolkit for Analysis of Security Policy Interactions

Kong, Derrick; Mandelberg, David; Lapets, Andrei; Watro, Ronald; Smith, Daniel; Runkle, Matthew

Home // ICN 2015, The Fourteenth International Conference on Networks // View article

Lightbulb: A Toolkit for Analysis of Security Policy Interactions

Authors:
Derrick Kong
David Mandelberg
Andrei Lapets
Ronald Watro
Daniel Smith
Matthew Runkle

Keywords: cyber security; security policy; network security policy; access control; logic programming; formal verification

Abstract:
Lightbulb is a toolkit for analysis of the combined impact of a set of diverse security policies. It is designed to se- curely access and collect the security policy configuration data from the hosts, routers, and firewalls that comprise a network enclave. Lightbulb loads the collected security configuration data into a modeling tool and allows system administrators to run queries against the model with the intent to verify desired security properties of the composite system. If a policy query fails, the user is given a specific instance of the policy violation that can be investigated and resolved. The overall toolkit pro- vides an extensible framework for rigorous verification of se- curity policies of network devices.

Pages: 151 to 156

Copyright: Copyright (c) IARIA, 2015

Publication date: April 19, 2015

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-398-8

Location: Barcelona, Spain

Dates: from April 19, 2015 to April 24, 2015