Identifying Persistent Faults in Network Access Control System

Abstract

The task of configuring and managing security policies in enterprise networks is becoming harder due to complex policy constraints of the organizations and rapid changes in the network topologies. Typically, the organizational security policies are defined as a collection of rules for allowing/denying service accesses among various network zones. Implementation of the policy can be realized in a distributed fashion via implementation of appropriate sets of access control rules (ACL) within the interface switches (Layer-3 routers) of the network. Due to organizational complex security needs the verification of the ACL implementations with respect to the security policy is a major technical challenge to the network administrators. The problem’s complexity increases with changes in network topologies. In any point of time, the failure within the network infrastructure may occur, causing invalidation and performance degradation of the network parameters. Hence, the existing security implementation (distribution of ACL rules) may not conform to the policy.Here we address the problem by analysing Network Access Control model with ACL implementation in a static fault environment considering static and persistent faults in network access control. We have considered various network topologies for our study and the simulation has been run for networks comprising of number of nodes from 8 to 256. Then we have induced faults to these networks and tried to determine the average and maximum fault latency in these networks in a simulation based approach.