The Center for Education and Research in Information Assurance and Security (CERIAS)

Assurable Configuration of Security Policies in Enterprise Networks

Research Areas: End System Security

Principal Investigator: Sanjay Rao

The design and configuration of enterprise networks is one of the hardest challenges that operators face today. A key difficulty is the need to reconfigure network devices so that high-level operator goals are correctly realized. The high-level objectives (such as performance and security goals) that operators have for their networks are embedded in hundreds of low-level device configurations. Reconfiguring network devices is challenging given the huge semantic gap between these high-level objectives and the low-level configurations. Errors in changing configurations have been known to result in outages, business service disruptions, violations of Service Level Agreements (SLAs), and cyber-attacks [mahajan:02, kerravala02, Alloy]. In our research, we are looking at principled approaches for the systematic design and configuration of enterprise networks. We believe our research will minimize errors and enable operators to ensure their networks continue to meet desired high-level security objectives. An important problem that we are currently tackling is that of ensuring correctness of security policies when migrating enterprise data centers to cloud computing models.

Personnel

Students: Xin Sun, Yu-Wei Sung

Representative Publications

Keywords: network devices, policy, security goals, service level agreements