文章基本信息

标题：Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks
本地全文：下载
作者：Nicolas Schnepf ; Remi Badonnel ; Abdelkader Lahmadi 等
期刊名称：Electronic Communications of the EASST
电子版ISSN：1863-2122
出版年度：2019
卷号：76
页码：1-20
DOI：10.14279/tuj.eceasst.76.1075
出版社：European Association of Software Science and Technology (EASST)
摘要：Software- defined networks ( SDN ) offer a high degree of programmability for handling and forwarding packets . In particular , they allow network administrators to combine different security functions , such as firewalls , intrusion detection systems , and external services, into security chains designed to prevent or mitigate attacks against end user applications. These chains can benefit from formal techniques for their automated construction and verification . We propose in this paper a rule - based system for automating the composition and configuration of such chains for Android applications. Given the network characterization of an application and the set of permissions it requires , our rules construct an abstract representation of a custom security chain . This representation is then translated into a concrete implementation of the chain in pyretic, a domain - specific language for programming SDN controllers . We prove that the chains produced by our rules satisfy a number of correctness properties such as the absence of black holes or loops , and shadowing freedom , and that they are coherent with the underlying security policy .
关键词：Security Management; Software-Defined Networking; Android; RuleBased Programming