ICNS 2012, The Eighth International Conference on Networking and Services
A Formal Data Flow-Oriented Model For Distributed Network Security Conflicts Detection
Authors:
Hicham El Khoury
Romain Laborde
François Barrère
Maroun Chamoun
Abdelmalek Benzekri
Keywords: network security; security conflict detection; data flow modeling; Colored Petri Nets
Abstract:
Network security is inherently a distributed function that involves the coordination of a set of devices, each device affording its specific security features. The complexity of this task resides in the number, the nature, and the interdependence of the mechanisms. Any security service can interfere with others, creating a breach in the security of the whole network. We propose a formal data flow-oriented model to detect network security conflicts. Network security services are represented by specific abstract functions that can modify the data flow. We have specified our model in hierarchical Colored Petri Nets to automate the conflict detection analysis. This approach has been tested on various NAPT/IPsec scenarios to prove that these conflicts can be detected without any a priori knowledge.
Pages: 20 to 27
Copyright: Copyright (c) IARIA, 2012
Publication date: March 25, 2012
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-186-1
Location: St. Maarten, The Netherlands Antilles
Dates: from March 25, 2012 to March 30, 2012