A Network Security Policy Model and Its Realization Mechanism

A large-scale network environment is an interconnection of different security domains. Different security policies exist within a domain and among domains, and conflicts can arise in a set of policies that lack mutual trust and coordination. This paper proposes a network security policy model. By defining and describing security policies and domains, it studies policy integrity, validity and consistency, together with the detection, resolution and release of policy conflicts. The policy implementation mechanism is based on a rule engine. The paper gives the implementation steps and an efficiency analysis. The technique can be applied to establishing and controlling policy services in large-scale network environments.
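As an added illustration (not code from the paper) of the cross-domain conflict detection and resolution the abstract describes, the following Python sketch represents rules issued by two security domains, flags pairs whose match conditions overlap but whose effects disagree, and resolves a flow by domain precedence with deny winning ties. The rule fields, the sample policies and the domain ranking are assumptions constructed for the example.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Rule:
    domain: str    # security domain that issued the rule
    rid: str       # rule identifier within its domain
    src: str       # source host/network label, or "*" for any
    dst: str       # destination host/network label, or "*"
    service: str   # service name such as "ssh", or "*"
    effect: str    # "permit" or "deny"

def _fields_overlap(a, b):
    return a == b or a == "*" or b == "*"

def rules_overlap(r1, r2):
    """True when at least one flow is matched by both rules."""
    return all(_fields_overlap(x, y) for x, y in
               ((r1.src, r2.src), (r1.dst, r2.dst), (r1.service, r2.service)))

def rule_matches(rule, src, dst, service):
    """True when a concrete flow falls inside the rule's match conditions."""
    return all(_fields_overlap(x, y) for x, y in
               ((rule.src, src), (rule.dst, dst), (rule.service, service)))

def detect_conflicts(rules):
    """Cross-domain rule pairs that cover overlapping flows with contradictory effects."""
    return [(a, b) for a, b in combinations(rules, 2)
            if a.domain != b.domain and a.effect != b.effect and rules_overlap(a, b)]

def decide(rules, domain_rank, src, dst, service):
    """Evaluate one flow: highest-ranked domain wins; within a rank deny wins; no match -> deny."""
    hits = [r for r in rules if rule_matches(r, src, dst, service)]
    if not hits:
        return "deny"
    hits.sort(key=lambda r: (-domain_rank.get(r.domain, 0), r.effect != "deny"))
    return hits[0].effect

# Constructed sample policies from two interconnected domains (assumption, not from the paper).
SAMPLE_RULES = [
    Rule("campus", "c1", "*", "db-server", "sql", "permit"),
    Rule("datacenter", "d1", "*", "db-server", "*", "deny"),
    Rule("campus", "c2", "lab", "*", "ssh", "permit"),
    Rule("datacenter", "d2", "lab", "db-server", "ssh", "deny"),
]
DOMAIN_RANK = {"datacenter": 2, "campus": 1}  # assumed precedence: datacenter policy wins

if __name__ == "__main__":
    for a, b in detect_conflicts(SAMPLE_RULES):
        print(f"conflict: {a.domain}/{a.rid} ({a.effect}) vs {b.domain}/{b.rid} ({b.effect})")
    print(decide(SAMPLE_RULES, DOMAIN_RANK, "lab", "db-server", "sql"))
```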
