Network System Model-Based Multi-level Policy Generation and Representation

Device- and technology-oriented policy making depends excessively on the knowledge and experience of managers and ignores the requirements and effects of the application environment, so the resulting policies are incomplete and prone to mistakes. To solve this problem, a hierarchical network security system model is designed. Policy making and representation methods based on this system modeling are proposed, so that policy making is not limited to a single device or a single security function. With this method, automatic policy making is implemented and the correctness and integrity of the policies are ensured, which reduces the burden on the manager and the possibility of mistakes. Based on a refinement of the basic policy attributes, a multi-level policy representation described in BNF (Backus-Naur Form) is put forward, which makes policy representation friendlier and more operable.
