A formal framework (Expression plus Analysis) for network security mechanisms configuration

Security mechanisms enforcement consists in configuring devices with the aim that they cooperate and guarantee the defined security goals. In the network context, this task is complex due to the number, the nature, and the interdependencies of the devices to consider. We propose in this article a formal framework which models the network security management information in order to verify the appliance of security goals. The framework is divided into two components. First, a formal language allows its user to graphically specify the abstract network security tactics while considering network topologies. Second, an associated evaluation method guarantees the consistency and the correctness of the tactics according to the security goals.