Automatic generation of conflict-free IPsec policies

Authors:
Chi-Lan Chang;Yun-Peng Chiu;Chin-Laung Lei
Affiliations:
Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan;Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan
Venue:
FORTE'05 Proceedings of the 25th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Year:
2005

Citing 2
Cited 1

Cryptography and Network Security: Principles and Practice

Cryptography and Network Security: Principles and Practice
IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks

ZERO-conflict: a grouping-based approach for automatic generation of IPSec/VPN security policies

DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management

Quantified Score

Hi-index	0.00

Visualization

Abstract

IPsec (IP security) will function correctly only if its security policies satisfy all the requirements. If the security policies cannot meet a set of consistent requirements, we said there are policy conflicts. In this paper, we analyze all situations which could possibly lead to a policy conflict and try to resolve all of them. We induce only two situations which could cause conflicts and also propose an algorithm to automatically generate conflict-free policies which satisfy all requirements. We also implement our algorithm and compare the results of simulation with the other approaches and show that it outperforms existing approaches in the literature.