|
ИСТИНА |
Войти в систему Регистрация |
ИПМех РАН |
||
Formal Methods For Building Network-Level Information Security Policiesстатья
- Авторы: Litvinyuk Sergey, Pilyugin Pavel, Petukhov Andrey
- Сборник: International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC) 29-31 Oct. 2024
- Год издания: 2024
- Место издания: IEEE Moscow
- DOI: 10.1109/MoNeTec60984.2024.10768180
- Аннотация: The paper discusses formal methods for building network-level security policies. Currently, firewalls and IDS/IPS are mainly used to ensure security at the network level of the ISO/OSI model. At the same time, the security requirements themselves are formulated for documents, messages, signals, etc. – i.e., at the application level. Therefore, network-level security policies are based on regulations and their interpretation by security administrators, as well as on previous experience and "best practices". However, expanding the capabilities of firewalls based on all flows management in software-defined networks requires a more precise information flow policy. The paper examines the calculation of parts of security policies based on assigning a "trust index" to network nodes. SimRank algorithm and its modifications, SVD and their possible development are discussed. Based on the values of the "trust index", the network can be divided into trusted and untrusted zones. The trust index of network routes can also be calculated. It makes it possible to formulate the requirements and restrictions more precisely for the information flows at the network level. Recommendations on the use of algorithms for various types of networks are considered, such as global, local, and other networks.
- Добавил в систему: Волканов Дмитрий Юрьевич