Firewall Wizards mailing list archives

Re: Security Policy methodologies


From: sedayao () orpheus sc intel com (Jeff Sedayao)
Date: Mon, 29 Dec 1997 11:50:24 -0800 (PST)

> I'm seeking information on any methodologies for developing Security Policies.
>
> Basically, I'm developing a paper on utilising software engineering
> techniques to abstract the process and to analyse the result for
> completeness. I need to know if this has been tried and what other methods
> do people use to create the policy document?
>
> I'll summarise the results and post them to the list as well as posting the
> url of the finished paper.

I have done something similar to this for the packet filtering parts of
our firewall.  I generate Cisco packet filtering rules using macro
substitution and a Makefile.  This allows me to do convenient software
engineering like things such as reusing components like filter rule sets
of related networks on extended access list rules on different routers.  I
also can use higher level abstractions to simplify specifying
policy.  It also allows me to build consistent filtering policies
across many routers distributed through the company.

On the analysis end, I had someone create a model for me in Netsys, the
Cisco configuration analysis tool.  Along with that model is included a
series of tests that can check for obvious security holes (kind of an
access list lint).  Generated access lists can be loaded into Netsys and
then checked for holes.  Of course, you can only verify what you check for,
but that is much, much better than having nothing.  Also, this only
checks the routers, not our actual proxies.

One could debate that this process is not generating and analyzing a 
security policy but only the implementation of the security policy, but 
I'll leave that academic debate up to others.  I don't have a paper on
this out (got rejected by referees).

Other pointers:  

1.  There was a paper in the USENIX Computing Journal about building router
configurations in a similar way.  Abstract at

http://www.usenix.org/publications/computing/9.3.html

2.  I had talked to Professor Stephen Fickas at the University of
Oregon (http://www.cs.uoregon.edu/people/faculty/fickas.html) about his
work in requirements generation.  He had some students working on
using software engineering techniques to generate requirements for
routing and security policies.  They were initially working with
FireWall-1's LISPish specification language.  I am not sure if he is
still doing work in this area, but you could ask.

> Yours,
>
> Bret Watson
> Technical Incursion Countermeasures
> Providing the means for your company's self-defense
> consulting () bwa net                      http://www.ticm.com/
> ph: (+61)(08) 9429 8898(UTC+8 hrs)      fax: (+61)(08) 9429 8800

-- 
Jeff Sedayao
Intel Corporation
sedayao () orpheus sc intel com
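
A sketch of the approach described in the message above, added here as an illustration; it is not Jeff Sedayao's macros, Makefile or Netsys tests. Named groups stand in for the macros, one rule set is expanded into Cisco extended access-list lines for several routers, and a small lint pass checks the result. The group names, addresses, router names, ACL number and the two lint checks are all assumptions.

```python
import ipaddress

# Constructed sample policy; named groups play the role of the macros.
GROUPS = {
    "MAIL_HOSTS": ["192.0.2.25/32"],
    "WEB_NETS": ["192.0.2.0/24", "198.51.100.0/25"],
}
# One reusable rule set: (action, protocol, source, destination, port).
INBOUND = [
    ("permit", "tcp", "any", "MAIL_HOSTS", 25),
    ("permit", "tcp", "any", "WEB_NETS", 80),
]
ROUTERS = {"border-a": 101, "border-b": 101}  # hypothetical router -> ACL number

def addr(spec):
    """Render 'any', a host or a network in extended access-list form."""
    if spec == "any":
        return "any"
    net = ipaddress.ip_network(spec)
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def expand(rules, acl):
    """Substitute group members into each rule, one ACL line per member pair."""
    lines = []
    for action, proto, src, dst, port in rules:
        for s in GROUPS.get(src, [src]):
            for d in GROUPS.get(dst, [dst]):
                lines.append(f"access-list {acl} {action} {proto} "
                             f"{addr(s)} {addr(d)} eq {port}")
    lines.append(f"access-list {acl} deny ip any any log")
    return lines

def build():
    """Generate the same policy for every router so the filters stay consistent."""
    return {name: expand(INBOUND, acl) for name, acl in ROUTERS.items()}

def lint(lines):
    """Report permits to any destination and a missing explicit final deny."""
    findings = []
    for n, line in enumerate(lines, 1):
        action, proto, *rest = line.split()[2:]
        dst = rest[1 if rest[0] == "any" else 2]
        if action == "permit" and dst == "any":
            findings.append(f"line {n}: permits traffic to any destination")
    if not lines or lines[-1].split()[2:6] != ["deny", "ip", "any", "any"]:
        findings.append("no explicit final 'deny ip any any'")
    return findings
```

As the message says of its own tests, the lint pass only verifies what it checks for; each new class of hole needs its own check.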


