Game of Zones: An Automated Intent-Based Network Micro-segmentation Methodology

This article presents a novel approach that automates part of the work of network security architects, enabling them to design fine-grained secure network architectures. We have developed a methodology that, starting from high-level security requirements, called intents, and an initial unprotected network architecture, computes the optimal security zones and integrates security functions to protect both inter-and intrazone communications. We implemented this methodology as a proof-of-concept framework, leveraging the flexibility and expressivity of Answer Set Programming, a form of declarative logic programming.

Mots clés

Network security architecture Intent-based security Security automation Micro-segmentation Zero-trust architecture Answer set programming

Domaines

Cryptographie et sécurité [cs.CR] Intelligence artificielle [cs.AI] Génie logiciel [cs.SE]

Fichier principal

Game_of_Zones__An_Automated_Intent_Based_Network_Micro_segmentation_Methodology.pdf (329)

Origine	Fichiers produits par l'(les) auteur(s)

Afonso Ferreira : Connectez-vous pour contacter le contributeur

https://hal.science/hal-04948011

Soumis le : vendredi 14 février 2025-12:51:06

Dernière modification le : samedi 15 février 2025-03:31:01

Dates et versions

hal-04948011 , version 1 (14-02-2025)

Identifiants

HAL Id : hal-04948011 , version 1

Citer

Daniele Canavese, Romain Laborde, Abir Laraba, Afonso Ferreira, Abdelmalek Benzekri. Game of Zones: An Automated Intent-Based Network Micro-segmentation Methodology. 38th IEEE/IFIP Network Operations and Management Symposium (NOMS 2025), May 2025, Honolulu, HI, United States. ⟨hal-04948011⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

UNIV-TLSE2 CNRS UT1-CAPITOLE IRIT IRIT-SIERA ANR IRIT-ASR TOULOUSE-INP UNIV-UT3 UT3-TOULOUSEINP

0 Consultations

0 Téléchargements