Hybrid Multi-module Security Policy Verification

To build a powerful and flexible security policy verification tool, it is very important to use the approach which allows covering all possible inconsistencies, has open (extendable) architecture and efficient verification implementation. We suggest using a family of different verification modules each of which can work with acceptable computational complexity for the particular types of conflicts, the system scale and the policy complication. The poster describes a common approach to security policy verification and presents a novel hybrid multi-module security checker (SEC) software tool that can serve as a security policy debugger for various categories of security policy, including authentication, authorization, filtering, channel protection and operational rules.