Edinburgh Napier University

  This paper presents a novel framework for network security, and provides a complete solution to integrated security policies, which meets the objectives of an organisation, and also an automated verification process. The framework uses a security compiler, which converts high-level abstract definitions of the objectives of an organisation, and its security requirements. The output of this is then converted into an XML abstraction of security requirements, which can then be modelled, and converted into an implementable form, such as using firewall and IDS rules. Once it has been implemented, network agents are then used to generate and gather data allowing the security policy to be verified against the requirements.

The main areas of the framework are:

• Formal definition and abstraction. This involves the application of formal abstract security languages, such as an ontology mark-up language, and the novel implementation of integrated social rules, along with some form of definition of the aims and objectives of the organisation.
• Implementation. This involves converting the abstraction of the security policy into code and configurations, which can be implemented in the network devices, such as in the implementation of firewall and IDS rules, along with rules for data gathering agents. The paper shows practical implementations of these.
• Test and verification. This involves using data gathering and test generation agents to test and verify that the security system meets its initial objectives. This is obviously a key element in the system, as it provides automated feedback, and refinement.

The paper also provides novel results, which show how network agents can detect threats, and how the network can reconfigure itself, and limit its damage. It also shows typical delays for well-known worm threats and concludes with a novel method of detection and proposes methods on how the network could automate its configuration to overcome typical network threats, such as worms and viruses.