 
Modeling and Verification of IPSec and VPN Security Policies
Hazem Hamed, Ehab Al-Shaer and Will Marrero
 

School of Computer Science, DePaul University, Chicago, USA
Abstract

IPSec has become the de facto standard protocol for secure Internet communications, providing traffic integrity, confidentiality and authentication. Although IPSec supports a rich set of protection modes and operations, its policy configuration remains a complex and error-prone task. The complex semantics of IPSec policies, which allow for triggering multiple rule actions with different security modes/operations coordinated between different IPSec gateways in the network, significantly increase the potential for policy misconfiguration and thereby insecure transmission. Successful deployment of IPSec requires thorough and automated analysis of the policy configuration consistency for IPSec devices across the entire network.

In this paper, we present a generic model that captures various filtering policy semantics using Boolean expressions. We use this model to derive a canonical representation for IPSec policies using Ordered Binary Decision Diagrams. Based on

  

Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University

 

Collections: Computer Technologies and Information Sciences