The main aim of this paper is to propose a formal technique that automatically configures a given network so that it respects a given security policy. In other words, given a computer network N and a security policy Φ, we introduce a formal technique that automatically produces another network N′ such that N′ Φ and N and N′ behave in an "equivalent" way (with respect to a given definition of equivalence). To that end, we define a new process algebra that makes it easier to specify and analyze monitored networks. We also define an operator that produces, from an initial network N and a security policy Φ, another version of the network, denoted by N Φ, configured in such a way that the security policy is always respected.