Build and Test Your Own Network Configuration
نویسندگان
چکیده
Access control policies play a critical role in the security of enterprise networks deployed with variety of policy-based devices (e.g., routers, firewalls, and IPSec). Usually, the security policies are configured in the network devices in a distributed fashion through sets of access control lists (ACL). However, the increasing complexity of access control configurations due to larger networks and longer policies makes configuration errors inevitable. Incorrect policy configuration makes the network vulnerable to different attacks and security breaches. In this paper, we present an imperative framework, namely, ConfigLEGO, that provides an open programming platform for building the network security configuration globally and analyzing it systematically. The ConfigLEGO engine uses Binary Decision Diagram (BDD) to build a Boolean model that represents the global system behaviors including all possible interaction between various components in extensible and scalable manner. Our tool also provides a C/C++ API as a software wrapper on top of the BDD engine to allow users in defining topology, configurations, and reachability, and then analyzing in various abstraction levels, without requiring knowledge of BDD representation or operations.
منابع مشابه
Parallel computing using MPI and OpenMP on self-configured platform, UMZHPC.
Parallel computing is a topic of interest for a broad scientific community since it facilitates many time-consuming algorithms in different application domains.In this paper, we introduce a novel platform for parallel computing by using MPI and OpenMP programming languages based on set of networked PCs. UMZHPC is a free Linux-based parallel computing infrastructure that has been developed to cr...
متن کاملThe Nuts and Bolts of DBMS Construction: Building your Own Prototype
DBMS construction: DBMS construction: DBMS construction: DBMS construction: DBMS construction: DBMS construction: building your own prototype building your own prototype building your own prototype building your own prototype building your own prototype building your own prototype building your own prototype building your own prototype 2 3 Motivation • www.amazon.com: – 48 books on compiler con...
متن کاملReconfiguration of distribution systems to improve reliability and reduce power losses using Imperialist Competitive Algorithm
Distribution systems can be operated in multiple configurations since they are possible combinations of radial and loop feeders. Each configuration leads to its own power losses and reliability level of supplying electric energy to customers. In order to obtain the optimal configuration of power networks, their reconfiguration is formulated as a complex optimization problem with different objec...
متن کاملEstimating Reliability in Mobile ad-hoc Networks Based on Monte Carlo Simulation (TECHNICAL NOTE)
Each system has its own definition of reliability. Reliability in mobile ad-hoc networks (MANET) could be interpreted as, the probability of reaching a message from a source node to destination, successfully. The variability and volatility of the MANET configuration makes typical reliability methods (e.g. reliability block diagram) inappropriate. It is because, no single structure or configurat...
متن کاملHow to Build Complex, Large-Scale Emulated Networks
This paper describes AutoNetkit, an auto-configuration tool for complex network emulations using Netkit, allowing large-scale networks to be tested on commodity hardware. AutoNetkit uses an object orientated approach for router configuration management, significantly reducing the complexities in large-scale network configuration. Using AutoNetkit, a user can generate large and complex emulation...
متن کامل