A Robust Approach for the Detection and Prevention of Conflicts in I2NSF Security Policies.

Do Duc Anh Nguyen, Fabien Autrel, Ahmed Bouabdallah, Guillaume Doyen

NOMS (2023)

Abstract
In order to maintain a sufficient protection level of their infrastructure, automating security management is at the core of current operators' issues. The Interface to Network Security Function (I2NSF) is a framework that is part of the Intent-Based Networking (IBN) paradigm. It consists of automating the translation of high-level policies into low-level configurations of Network Security Functions (NSF) and appears as a promising way to overcome the complexity of this challenging task. However, although the I2NSF framework provides a comprehensive architectural and data model for such automation, it provides neither detection nor prevention mechanisms against conflicting security requirements. In this paper, we assess to what extent state-of-the-art mechanisms can shift the initial I2NSF proposal toward a robust framework. As such, we extend (1) the reference architecture to integrate some checking components and (2) the consumer-facing data model to enforce separation constraints and partial ordering relationships. By considering a large set of rules and conflicting situations, we evaluate the performance of our solution within an early implementation of I2NSF achieved in an IETF Hackathon.
Keywords
Security management, I2NSF, Policy, Conflict detection and mitigation