Algorithm to automatically solve security policy conflicts among IP devices configurations

Author

Ferraresi, Simone ; Francocci, Emanuele ; Quaglini, Alessio ; Baiocchi, Andrea

Author_Institution

ElsagDatamat S.p.A., Rome

fYear

2008

fDate

7-11 April 2008

Firstpage

923

Lastpage

926

Abstract

One of the most critical aspects of security problems is the impossibility of accurately checking a system real weaknesses. In a complex and distributed environment this problem is greatly accentuated. During the process of configuration and implementation of the network security policies errors can occur, resulting in holes in security and, consequently, compromising the entire system functionality. These errors are often very hard to detect by performing a manual or visual inspection. For this reason, automatic management of this phase is required. Here we propose an algorithm to automatically tune up the configurations of the network devices in order to avoid unexpected and unwanted network behaviours. This algorithm will be described in all its phases and some results of the software implementation will be shown.

Keywords

IP networks; distributed processing; error detection; telecommunication security; IP devices configurations; automatic management; distributed environment; error detection; manual inspection; network security policy; security policy conflicts; software implementation; system functionality; visual inspection; Algorithm design and analysis; Filtering; Formal languages; Inspection; Joining processes; Performance analysis; Protocols; Security; Software algorithms; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Operations and Management Symposium, 2008. NOMS 2008. IEEE

Conference_Location

Salvador, Bahia

ISSN

1542-1201

Print_ISBN

978-1-4244-2065-0

Electronic_ISBN

1542-1201

Type

conf

DOI

10.1109/NOMS.2008.4575248

Filename

4575248