On harnessing information models and ontologies for policy conflict analysis
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Transversal policy conflict detection
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
We present an analysis process targeting identification of potential policy conflicts within sets of policies relating to multiple network devices and the security services deployed on them. The process targets pre-deployment identification of potential conflicts between a newly created (or modified) policy and already deployed policies. It employs an algorithm which, with the aid of an ontology, selects the relevant subset of policies that should be compared with the "candidate" policy, together with an algorithm that identifies the relationships between a given pair of policies and compares these to a conflict signature pattern encoded in an information model. Operation of the process is illustrated via a scenario describing how it can identify conflicts between firewall filtering policies and IPSec VPN policies that are deployed on different network devices.
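The two-stage process the abstract describes (ontology-guided selection of the policies worth comparing, then pairwise matching against a conflict signature) is easiest to see on the firewall/VPN scenario it mentions. The following is an added illustration written for this page, not the authors' algorithm, ontology or information model: the `SERVICE_REQUIRES` table stands in for the ontology (it records only that an IPsec VPN needs IKE, NAT-T and ESP traffic between its gateways), the dataclasses are assumed policy shapes, and all devices, addresses and rules are constructed sample data. The conflict signature checked is "a deny rule on some device matches tunnel traffic the candidate VPN policy requires".

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Optional, Tuple

# Stand-in for the ontology (assumption, not the paper's model): which
# protocol/port pairs a security service needs to exchange between its peers.
SERVICE_REQUIRES = {
    "ipsec_vpn": [("udp", 500), ("udp", 4500), ("esp", None)],  # IKE, NAT-T, ESP
}


@dataclass(frozen=True)
class FilterRule:
    device: str
    action: str            # "permit" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: str             # "tcp", "udp", "esp" or "any"
    port: Optional[int]    # None means any port


@dataclass(frozen=True)
class VpnPolicy:
    device: str
    local_gw: IPv4Network  # /32 of this tunnel endpoint
    peer_gw: IPv4Network   # /32 of the remote tunnel endpoint


def candidate_subset(vpn: VpnPolicy, rules: List[FilterRule]) -> List[FilterRule]:
    """Stage 1: keep only filter rules whose address space touches either
    tunnel endpoint; everything else cannot interact with this VPN policy."""
    ends = (vpn.local_gw, vpn.peer_gw)
    return [r for r in rules
            if any(r.src.overlaps(e) or r.dst.overlaps(e) for e in ends)]


def conflicts(vpn: VpnPolicy, rule: FilterRule) -> List[Tuple[str, str, Optional[int]]]:
    """Stage 2: match one (VPN, filter) pair against the conflict signature.
    Returns (device, proto, port) for each required flow the rule would drop."""
    if rule.action != "deny":
        return []
    fwd = rule.src.overlaps(vpn.local_gw) and rule.dst.overlaps(vpn.peer_gw)
    rev = rule.src.overlaps(vpn.peer_gw) and rule.dst.overlaps(vpn.local_gw)
    if not (fwd or rev):
        return []
    found = []
    for proto, port in SERVICE_REQUIRES["ipsec_vpn"]:
        proto_match = rule.proto in ("any", proto)
        port_match = rule.port is None or rule.port == port
        if proto_match and port_match:
            found.append((rule.device, proto, port))
    return found


def analyse(vpn: VpnPolicy, rules: List[FilterRule]) -> List[Tuple[str, str, Optional[int]]]:
    """Run both stages for a candidate VPN policy against deployed filter rules."""
    report = []
    for r in candidate_subset(vpn, rules):
        report.extend(conflicts(vpn, r))
    return report


# Constructed sample: a candidate VPN on gateway gw-a and filter rules already
# deployed on three other devices (addresses from documentation ranges).
VPN = VpnPolicy("gw-a", ip_network("203.0.113.1/32"), ip_network("198.51.100.1/32"))
RULES = [
    FilterRule("fw-edge", "deny", ip_network("203.0.113.0/24"), ip_network("0.0.0.0/0"), "udp", 500),
    FilterRule("fw-core", "deny", ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "esp", None),
    FilterRule("fw-lan", "deny", ip_network("10.0.0.0/8"), ip_network("10.0.0.0/8"), "tcp", 23),
    FilterRule("fw-edge", "permit", ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "any", None),
]

if __name__ == "__main__":
    for device, proto, port in analyse(VPN, RULES):
        print(f"conflict: {device} denies {proto}/{port if port else 'any'} needed by VPN on {VPN.device}")
```

Running it reports that `fw-edge` blocks IKE (UDP/500) and `fw-core` blocks ESP, while the `fw-lan` telnet rule is never even compared because stage 1 filtered it out. Two simplifications to keep in mind before reusing the idea: the example ignores first-match rule ordering (a `permit` placed above a `deny` on the same device would make that `deny` unreachable), and it treats any address overlap as a potential conflict rather than reasoning about which device actually sits on the path between the two gateways.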