Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

The challenge for autonomic network management is to provide future network management systems that are self-managing, self-configuring, self-protecting and self-healing, in accordance with the high-level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand the fundamental issues underlying self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are each securely configured are connected together (in an apparently secure manner), a configuration cascade can occur, resulting in a misconfigured network. This has implications for the design of self-configuring systems, and we discuss how a soft constraint-based framework can provide a solution.
