Treffer: Game of Zones: An Automated Intent-Based Network Micro-segmentation Methodology
Title:
Game of Zones: An Automated Intent-Based Network Micro-segmentation Methodology
Contributors:
Service IntEgration and netwoRk Administration (IRIT-SIERA), Institut de recherche en informatique de Toulouse (IRIT), Université Toulouse Capitole (UT Capitole), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse - Jean Jaurès (UT2J), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université de Toulouse (EPE UT), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Toulouse Mind & Brain Institut (TMBI), Université Toulouse - Jean Jaurès (UT2J), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université de Toulouse (EPE UT), Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse Capitole (UT Capitole), Communauté d'universités et établissements de Toulouse (Comue de Toulouse), ICO-OCCITANIE, CNRS IRN EU-CHECK, ANR-23-PECL-0009,TRUSTINClouds,Sécurité des infrastructures Cloud(2023), European Project: GA 956562,LeADS, European Project: 101086308,HORIZON-MSCA-2021-SE-01,HORIZON-MSCA-2021-SE-01,DUCA(2023)
Source:
38th IEEE/IFIP Network Operations and Management Symposium (NOMS 2025)
https://hal.science/hal-04948011
38th IEEE/IFIP Network Operations and Management Symposium (NOMS 2025), May 2025, Honolulu, HI, United States
https://hal.science/hal-04948011
38th IEEE/IFIP Network Operations and Management Symposium (NOMS 2025), May 2025, Honolulu, HI, United States
Publisher Information:
CCSD
Publication Year:
2025
Subject Terms:
Zero-trust architecture, Answer set programming, Micro-segmentation, Security automation, Intent-based security, Network security architecture, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI], [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE]
Subject Geographic:
Document Type:
Konferenz
conference object
Language:
English
Relation:
info:eu-repo/grantAgreement//GA 956562/EU/H2020 Legality Attentive Data Scientists/LeADS; info:eu-repo/grantAgreement//101086308/EU/Data Usage Control for empowering digital sovereignty for All citizens/DUCA
Availability:
Rights:
info:eu-repo/semantics/OpenAccess
Accession Number:
edsbas.DA1B90E9
Database:
BASE
Weitere Informationen
International audience ; This article presents a novel approach that automates part of the work of network security architects, enabling them to design fine-grained secure network architectures. We have developed a methodology that, starting from high-level security requirements, called intents, and an initial unprotected network architecture, computes the optimal security zones and integrates security functions to protect both inter-and intrazone communications. We implemented this methodology as a proof-of-concept framework, leveraging the flexibility and expressivity of Answer Set Programming, a form of declarative logic programming.