Title :
Towards a Network-Independent Policy Specification
Author :
Basile, Cataldo ; Lioy, Antonio ; Vallini, Marco
Author_Institution :
Dip. Autom. ed Inf., Politec. di Torino, Torino, Italy
Abstract :
A very ambitious objective in the field of policy-based systems is the provision of an intuitive and transparent way for policy specification, refinement and enforcement. This is one of the key enabling technologies for a simplified security management of complex networked environments. Currently, security policies are enforced by configuring the end devices by means of low-level device-specific parameters manually derived from high level specifications. This process, defined as policy translation, is still performed without a holistic view of the overall security requirements. This paper presents the Network Contextualization Tool (NCTool), a software supporting administrators in performing network dependent activities when configuring security enabled devices. The tool provides a great advantage in the management of complex networks. In fact, it simplifies the network administration tasks and reduces effort and responsibilities for the administrators, thus decreasing the risk of mistaken configurations.
Keywords :
computer network management; computer network security; network administration tasks; network contextualization tool; network-independent policy specification; policy enforcement; policy refinement; policy translation; security management; security policy; Collaborative work; Computer networks; Computer science; Databases; Information analysis; International collaboration; Laboratories; Social network services; Software libraries; Telecommunication computing; network configuration; policy translation; policy-based network management;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2010 18th Euromicro International Conference on
Conference_Location :
Pisa
Print_ISBN :
978-1-4244-5672-7
Electronic_ISBN :
1066-6192
DOI :
10.1109/PDP.2010.45
