Configuring storage-area networks using mandatory security

Benjamin Aziz, S. Foley, J. Herbert, G. Swart

Research output: Contribution to journalArticlepeer-review

159 Downloads (Pure)


Storage-area networks are a popular and efficient way of building large storage systems both in an enterprise environment and for multi-domain storage service providers. In both environments the network and the storage has to be configured to ensure that the data is maintained securely and can be delivered efficiently. In this paper, we describe a model of mandatory security for SAN services that incorporates the notion of risk as a measure of the robustness of the SAN’s configuration and that formally defines a vulnerability common in systems with mandatory security, i.e. cascaded threats. Our abstract SAN model is flexible enough to reflect the data requirements, tractable for the administrator, and can be implemented as part of an automatic configuration system. The implementation is given as part of a prototype written in OPL.
Original languageEnglish
Pages (from-to)191-210
Number of pages20
JournalJournal of Computer Security
Issue number2
Publication statusPublished - 24 Mar 2009


  • Storage-Area Networks
  • Formal Validation Methods
  • Security
  • Configuration Analysis


Dive into the research topics of 'Configuring storage-area networks using mandatory security'. Together they form a unique fingerprint.

Cite this