Can I Reach You? Do I Need To? New Semantics in Security Policy Specification and Testing

SACMAT(2021)

Abstract
The zero trust principle only allows authorized and authenticated actions in a computer network. A network policy satisfies the least privilege principle by minimizing the network permissions to only those needed by users and applications. However, administrators face many challenges in creating a least privilege policy since it requires a detailed understanding of the network topology and knowing the communication requirements of every network application and user. This paper addresses those challenges by introducing a graph-based policy specification framework to capture a network's communication requirements and a network compiler that turns those requirements into an enforceable policy. To offset the effort of building such a stringent policy, we incorporate patterns to spread the work of policy creation over time and people. In the paper, we first elaborate on how our framework's semantics enhances network security and resilience. We then introduce a Security Policy Regression Testing tool (SPRT), which leverages our framework's semantics, to test and reason about consistency, correctness, and relevance of network security policies. Finally, we outline relevant research directions.
Key words
security policy specification, new semantics