Security Verification of a Virtual Private Network over MPLS

  • Cédric Llorens
  • Ahmed Serhrouchni
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 229)


In this paper we present how to assess the security of a VPN (Virtual Private Network) implemented over the Multi Protocol Label Switching (MPLS) protocol. This assessment is based on the definition of an MPLS/VPN security policy and on a reverse-engineering process performed on the network routers' configurations. The paper details the algorithms required to assess this security policy, as well as their asymptotic time complexity. It also suggests an approach to rank a VPN perimeter.


Keywords: Autonomous System; Security Policy; Virtual Private Network; Border Gateway Protocol; Export Statement
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Cédric Llorens (1)
  • Ahmed Serhrouchni (2)
  1. Equant, La Défense, France
  2. LTCI-UMR 5141 CNRS, GET-Télécom Paris, Paris, France
