Usable global network access policy for process control systems

David M. Nicol, William H. Sanders, Sankalp Singh, Mouna Seri

Research output: Contribution to journalArticlepeer-review


The Access Policy Tool (APT) verifies access policy implementation against specification of global policy that encodes best practice recommendations. The APT specifies a network's global access policy and verifies that an implementation adheres to the global access policy exactly. The APT can analyze networks with heterogeneous mixtures of firewall brands and models and deals with sophisticated firewall features such as authentication. Users can browse the firewall rules, run the verifier, and display the results using the APT's graphical interface. They can use this to describe a network, import the network using an XML schema or run a program that infers the network topology from the firewall rule sets. The APT automatically highlights the devices involved in the rules in the graphical display. The APT can perform an exhaustive analysis that identifies every possible flow that violates global policy in some way or the other.

Original languageEnglish (US)
Article number4753671
Pages (from-to)30-36
Number of pages7
JournalIEEE Security and Privacy
Issue number6
StatePublished - Nov 2008

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law


Dive into the research topics of 'Usable global network access policy for process control systems'. Together they form a unique fingerprint.

Cite this