Abstract
In this paper we present how to assess the security of a Virtual Private Network (VPN) implemented over the Multi Protocol Label Switching (MPLS) protocol. This assessment is based on the definition of an MPLS/VPN security policy and on a reverse-engineering process performed on the network routers' configurations. The paper details the algorithms required to assess this security policy, as well as their asymptotic time complexity. It also suggests an approach to rank a VPN perimeter.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Llorens, C., Serhrouchni, A. (2007). Security Verification of a Virtual Private Network over MPLS. In: Gaïti, D. (eds) Network Control and Engineering for QoS, Security and Mobility, IV. NetCon 2005. IFIP — The International Federation for Information Processing, vol 229. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-49690-0_27
DOI: https://doi.org/10.1007/978-0-387-49690-0_27
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-49689-4
Online ISBN: 978-0-387-49690-0
eBook Packages: Computer Science, Computer Science (R0)