|Article title||MATHEMATICAL MODEL OF INTRUSION-TOLERANT SECURITY SYSTEM ARCHITECTURE|
|Authors||I.Yu. Polovko, E.S. Abramov|
|Section||SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS|
|Month, Year||11, 2010|
|Abstract||Given a network that deploys multiple firewalls and network intrusion detection systems (IDSs), ensuring that these security components are correctly configured is a challenging problem. Although models have been developed to reason independently about the effectiveness of firewalls and IDSs, there is no common framework to analyze their interaction. This paper presents an integrated, constraint-based approach for modeling and reasoning about these configurations. Our approach considers the dependencies between the two types of components, and can reason automatically about their combined behavior.|
|Keywords||Formal specification and analysis; network intrusion detection; firewalls; network configuration and security.|
|References||1. Guttman J.D. Filtering postures: Local enforcement for global policies.
2. Guttman J.D., Herzog A.L. Rigorous automated network security man.
3. Com. 3Com Embedded Firewall. Software for the 3CR990 Network Interface Card (NIC) Family, Dec. – 2001.
4. Roesch M. Snort: Lightweight intrusion detection for networks.
5. Porras P., Neumann P. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In Proceedings of the 20th National Information Systems Security Conference, Baltimore, MD, Oct. 1997. – P. 353-365.
6. Cheadle M., Harvey W., Sadler A.J., Schimpf J., Shen K., Wallace M.G. ECLiPSe: An Introduction. Technical Report IC-Parc-03-1, IC-Parc, Imperial College London, 2003.