Basic article information

  • Title: Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks
  • Authors: Nicolas Schnepf; Remi Badonnel; Abdelkader Lahmadi
  • Journal: Electronic Communications of the EASST
  • Electronic ISSN: 1863-2122
  • Publication year: 2019
  • Volume: 76
  • Pages: 1-20
  • DOI: 10.14279/tuj.eceasst.76.1075
  • Publisher: European Association of Software Science and Technology (EASST)
  • Abstract: Software-defined networks (SDN) offer a high degree of programmability for handling and forwarding packets. In particular, they allow network administrators to combine different security functions, such as firewalls, intrusion detection systems, and external services, into security chains designed to prevent or mitigate attacks against end user applications. These chains can benefit from formal techniques for their automated construction and verification. We propose in this paper a rule-based system for automating the composition and configuration of such chains for Android applications. Given the network characterization of an application and the set of permissions it requires, our rules construct an abstract representation of a custom security chain. This representation is then translated into a concrete implementation of the chain in Pyretic, a domain-specific language for programming SDN controllers. We prove that the chains produced by our rules satisfy a number of correctness properties such as the absence of black holes or loops, and shadowing freedom, and that they are coherent with the underlying security policy.
  • Keywords: Security Management; Software-Defined Networking; Android; Rule-Based Programming