IPSec (Internet Security Protocol Suite) functions execute correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An erroneous policy could lead to a communication blockade or a serious security breach. In addition, even if policies are specified correctly in each domain, diversified regional security policy enforcement can create significant problems for end-to-end communication because of interactions among policies in different domains. A policy management system is therefore needed to systematically manage and verify various IPSec policies in order to ensure an end-to-end security service. This paper contributes to the development of an IPSec policy management system in two respects. First, we defined a high-level security requirement, which is not only an essential component for automating the policy specification process of transforming security requirements into specific IPSec policies but can also be used as a criterion for detecting conflicts among IPSec policies, i.e., policies are correct only if they satisfy all requirements. Second, we developed mechanisms to detect and resolve conflicts among IPSec policies in both intra-domain and inter-domain environments.