Managing Security in Dynamic Networks

Authors:
Alexander V. Konstantinou;Yechiam Yemini;Sandeep Bhatt;S. Rajagopalan
Affiliations:
Columbia University;Columbia University;Telcordia Technologies [formerly Bellcore];Telcordia Technologies [formerly Bellcore]
Venue:
LISA '99 Proceedings of the 13th USENIX conference on System administration
Year:
1999

Citing 7
Cited 1

Generating diagnostic tools for network fault management

Proceedings of the fifth IFIP/IEEE international symposium on Integrated network management V : integrated management in a virtual world: integrated management in a virtual world
Managing in a distributed world

Proceedings of the fourth international symposium on Integrated network management IV
ICON: a system for implementing constraints in object-based networks

Proceedings of the fourth international symposium on Integrated network management IV
Automation of Site Configuration Management

LISA '97 Proceedings of the 11th Conference on Systems Administration
Ganymede: An Extensible and Customizable Directory Management Framework

LISA '98 Proceedings of the 12th Conference on Systems Administration
Central System Administration in a Heterogeneous Unix Environment: GeNUAdmin

LISA '94 Proceedings of the 8th USENIX conference on System administration
NESTOR: an architecture for network self-management and organization

IEEE Journal on Selected Areas in Communications

A2A: An Architecture for Autonomic Management Coordination

DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes our initial steps towards self-configuring mechanisms for automating high-level security and service policies in dynamic networks. We build on the NESTOR system developed at Columbia University for instrumenting and monitoring constraints on network elements and services such as DHCP, DNS zones, host-based access controls, firewalls, and VLAN switches.Current paradigms for configuration management require that changes be propagated either manually or via low-level scripts suited to static networks. Our longer-term goal is to provide fully automated techniques which work for dynamic networks in which changes are frequent and often unanticipated. Automated approaches, such as ours, are the only viable solution for global and dynamic networks and services. In this paper, we focus on one specific scenario to illustrate our ideas: providing transparent and secure access to selected services from a mobile laptop. The challenge is that reconfiguration must satisfy the security policies of two independent corporate networks.