TY - GEN
T1 - Using an information model and associated ontology for selection of policies for conflict analysis
AU - Davy, Steven
AU - Jennings, Brendan
AU - Strassner, John
PY - 2008
Y1 - 2008
N2 - We present an analysis process targeting identification of potential policy conflicts within sets of policies relating to multiple network devices and the security services deployed on them. The process targets pre-deployment identification of potential conflicts between a newly created (or modified) policy and already deployed policies. It employs an algorithm which, with the aid of an ontology, selects the relevant subset of policies that should be compared with the "candidate" policy, together with an algorithm that identifies the relationships between a given pair of policies and compares these to a conflict signature pattern encoded in an information model. Operation of the process is illustrated via a scenario describing how it can identify conflicts between firewall filtering policies and IPSec VPN policies that are deployed on different network devices.
UR - http://www.scopus.com/inward/record.url?scp=51849153395&partnerID=8YFLogxK
U2 - 10.1109/POLICY.2008.33
DO - 10.1109/POLICY.2008.33
M3 - Conference contribution
AN - SCOPUS:51849153395
SN - 9780769531335
T3 - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
SP - 82
EP - 85
BT - Proceedings - 2008 IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
T2 - 9th IEEE Workshop on Policies for Distributed Systems and Networks, POLICY 2008
Y2 - 2 June 2008 through 4 June 2008
ER -