Usable global network access policy for process control systems

David M. Nicol; William H. Sanders; Sankalp Singh; Mouna Seri

doi:10.1109/MSP.2008.159

Usable global network access policy for process control systems

David M. Nicol, William H. Sanders, Sankalp Singh, Mouna Seri

Research output: Contribution to journal › Article › peer-review

Abstract

The Access Policy Tool (APT) verifies access policy implementation against specification of global policy that encodes best practice recommendations. The APT specifies a network's global access policy and verifies that an implementation adheres to the global access policy exactly. The APT can analyze networks with heterogeneous mixtures of firewall brands and models and deals with sophisticated firewall features such as authentication. Users can browse the firewall rules, run the verifier, and display the results using the APT's graphical interface. They can use this to describe a network, import the network using an XML schema or run a program that infers the network topology from the firewall rule sets. The APT automatically highlights the devices involved in the rules in the graphical display. The APT can perform an exhaustive analysis that identifies every possible flow that violates global policy in some way or the other.

Original language	English (US)
Article number	4753671
Pages (from-to)	30-36
Number of pages	7
Journal	IEEE Security and Privacy
Volume	6
Issue number	6
DOIs	https://doi.org/10.1109/MSP.2008.159
State	Published - Nov 2008

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering
Law

Online availability

10.1109/MSP.2008.159

Library availability

Discover UIUC Full Text

Cite this

@article{6d87c406398b40e49e3e537cb57937cc,

title = "Usable global network access policy for process control systems",

abstract = "The Access Policy Tool (APT) verifies access policy implementation against specification of global policy that encodes best practice recommendations. The APT specifies a network's global access policy and verifies that an implementation adheres to the global access policy exactly. The APT can analyze networks with heterogeneous mixtures of firewall brands and models and deals with sophisticated firewall features such as authentication. Users can browse the firewall rules, run the verifier, and display the results using the APT's graphical interface. They can use this to describe a network, import the network using an XML schema or run a program that infers the network topology from the firewall rule sets. The APT automatically highlights the devices involved in the rules in the graphical display. The APT can perform an exhaustive analysis that identifies every possible flow that violates global policy in some way or the other.",

author = "Nicol, {David M.} and Sanders, {William H.} and Sankalp Singh and Mouna Seri",

note = "Funding Information: The US Department of Homeland Security, through grant award number 2006-CS-001-000001 under the auspices of the Institute for Information Infrastructure Protection (I3P) research program, partly supported this work. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the US Department of Homeland Security, the I3P, or Dartmouth College, which manages the I3P program.",

year = "2008",

month = nov,

doi = "10.1109/MSP.2008.159",

language = "English (US)",

volume = "6",

pages = "30--36",

journal = "IEEE Security and Privacy",

issn = "1540-7993",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "6",

}

TY - JOUR

T1 - Usable global network access policy for process control systems

AU - Nicol, David M.

AU - Sanders, William H.

AU - Singh, Sankalp

AU - Seri, Mouna

N1 - Funding Information: The US Department of Homeland Security, through grant award number 2006-CS-001-000001 under the auspices of the Institute for Information Infrastructure Protection (I3P) research program, partly supported this work. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the US Department of Homeland Security, the I3P, or Dartmouth College, which manages the I3P program.

PY - 2008/11

Y1 - 2008/11

N2 - The Access Policy Tool (APT) verifies access policy implementation against specification of global policy that encodes best practice recommendations. The APT specifies a network's global access policy and verifies that an implementation adheres to the global access policy exactly. The APT can analyze networks with heterogeneous mixtures of firewall brands and models and deals with sophisticated firewall features such as authentication. Users can browse the firewall rules, run the verifier, and display the results using the APT's graphical interface. They can use this to describe a network, import the network using an XML schema or run a program that infers the network topology from the firewall rule sets. The APT automatically highlights the devices involved in the rules in the graphical display. The APT can perform an exhaustive analysis that identifies every possible flow that violates global policy in some way or the other.

AB - The Access Policy Tool (APT) verifies access policy implementation against specification of global policy that encodes best practice recommendations. The APT specifies a network's global access policy and verifies that an implementation adheres to the global access policy exactly. The APT can analyze networks with heterogeneous mixtures of firewall brands and models and deals with sophisticated firewall features such as authentication. Users can browse the firewall rules, run the verifier, and display the results using the APT's graphical interface. They can use this to describe a network, import the network using an XML schema or run a program that infers the network topology from the firewall rule sets. The APT automatically highlights the devices involved in the rules in the graphical display. The APT can perform an exhaustive analysis that identifies every possible flow that violates global policy in some way or the other.

UR - http://www.scopus.com/inward/record.url?scp=58849130197&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=58849130197&partnerID=8YFLogxK

U2 - 10.1109/MSP.2008.159

DO - 10.1109/MSP.2008.159

M3 - Article

AN - SCOPUS:58849130197

SN - 1540-7993

VL - 6

SP - 30

EP - 36

JO - IEEE Security and Privacy

JF - IEEE Security and Privacy

IS - 6

M1 - 4753671

ER -

Usable global network access policy for process control systems

Abstract

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this