IPSec/VPN management is a complicated challenge, since IPSec functions correctly only if its security policies satisfy all administrative requirements. Computer-generated security policies tend to conflict with each other, which can cause network congestion or create security vulnerabilities. Conflict resolution has therefore become an issue. In this paper, a method to automatically generate policies is proposed. Instead of performing complicated conflict-checking procedures as most existing works do, the proposed Zero-Conflict algorithm predicts and avoids conflicts in advance by using requirement groups and cut-point techniques. Because policies are established without the need to perform a backward conflict check, the algorithm has a significantly lower time complexity, which is O(n log n). Experimental results show that it maintains a satisfactorily minimal number of generated tunnels.