You are here

Unifying the conceptual levels of network security through the use of patterns

Download pdf | Full Screen View

Date Issued:
2014
Summary:
Network architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial of Service (DoS) and/or other damaging effects. Such attacks and loss of service can be devastating for the users of the system. The implementation of security devices such as Firewalls and Intrusion Detection Systems (IDS), the protection of network traffic with Virtual Private Networks (VPNs), and the use of secure protocols for the layers are important to enhance the security at each of these layers.We have done a survey of the existing network security patterns and we have written the missing patterns. We have developed security patterns for abstract IDS, Behavior–based IDS and Rule-based IDS and as well as for Internet Protocol Security (IPSec) and Transport Layer Security (TLS) protocols. We have also identified the need for a VPN pattern and have developed security patterns for abstract VPN, an IPSec VPN and a TLS VPN. We also evaluated these patterns with respect to some aspects to simplify their application by system designers. We have tried to unify the security of the network layers using security patterns by tying in security patterns for network transmission, network protocols and network boundary devices.
Title: Unifying the conceptual levels of network security through the use of patterns.
0 views
0 downloads
Name(s): Kumar, Ajoy, author
Fernandez, Eduardo B., Thesis advisor
Florida Atlantic University, Degree grantor
College of Engineering and Computer Science
Department of Computer and Electrical Engineering and Computer Science
Type of Resource: text
Genre: Electronic Thesis Or Dissertation
Date Created: 2014
Date Issued: 2014
Publisher: Florida Atlantic University
Place of Publication: Boca Raton, Fla.
Physical Form: application/pdf
Extent: 151 p.
Language(s): English
Summary: Network architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial of Service (DoS) and/or other damaging effects. Such attacks and loss of service can be devastating for the users of the system. The implementation of security devices such as Firewalls and Intrusion Detection Systems (IDS), the protection of network traffic with Virtual Private Networks (VPNs), and the use of secure protocols for the layers are important to enhance the security at each of these layers.We have done a survey of the existing network security patterns and we have written the missing patterns. We have developed security patterns for abstract IDS, Behavior–based IDS and Rule-based IDS and as well as for Internet Protocol Security (IPSec) and Transport Layer Security (TLS) protocols. We have also identified the need for a VPN pattern and have developed security patterns for abstract VPN, an IPSec VPN and a TLS VPN. We also evaluated these patterns with respect to some aspects to simplify their application by system designers. We have tried to unify the security of the network layers using security patterns by tying in security patterns for network transmission, network protocols and network boundary devices.
Identifier: FA00004132 (IID)
Degree granted: Dissertation (Ph.D.)--Florida Atlantic University, 2014.
Collection: FAU Electronic Theses and Dissertations Collection
Note(s): Includes bibliography.
Subject(s): Computer architecture
Computer network architectures
Computer network protocols
Computer network protocols
Computer networks -- Security measures
Expert systems (Computer science)
Held by: Florida Atlantic University Libraries
Sublocation: Digital Library
Links: http://purl.flvc.org/fau/fd/FA00004132
Persistent Link to This Record: http://purl.flvc.org/fau/fd/FA00004132
Use and Reproduction: Copyright © is held by the author, with permission granted to Florida Atlantic University to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
Use and Reproduction: http://rightsstatements.org/vocab/InC/1.0/
Host Institution: FAU
Is Part of Series: Florida Atlantic University Digital Library Collections.