Formal Methods For Building Network-Level Information Security Policies


Research field: Networking



Conference: 2024 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)


Abstract

The paper discusses formal methods for building network-level security policies. Currently, firewalls and IDS/IPS are mainly used to ensure security at the network level of the ISO/OSI model. At the same time, the security requirements themselves are formulated for documents, messages, signals, etc., i.e., at the application level. Therefore, network-level security policies are based on regulations and their interpretation by security administrators, as well as on previous experience and "best practices". However, expanding the capabilities of firewalls through management of all flows in software-defined networks requires a more precise information flow policy. The paper examines the calculation of parts of security policies based on assigning a "trust index" to network nodes. The SimRank algorithm and its modifications, SVD, and their possible development are discussed. Based on the values of the "trust index", the network can be divided into trusted and untrusted zones. The trust index of network routes can also be calculated. This makes it possible to formulate the requirements and restrictions for information flows at the network level more precisely. Recommendations on the use of the algorithms for various types of networks, such as global, local, and other networks, are considered.


Authors

Sergey Litvinyuk
Lomonosov Moscow State University, Moscow, Russia
Russia

Pavel Pilyugin
Lomonosov Moscow State University, Moscow, Russia
Russia

Andrey Petukhov
Moscow Technical University of Communications and Informatics, Moscow, Russia
Andorra

Paper information

Publication year: 2024
Citations: 56
Country of publication: Russia, Andorra
Site: IEEE