Security policy decision for automation of security network configuration

Author

Gaeil Ahn ; Yoon, Seungyong ; Kim, Kiyoung ; Jang, Jongsoo

Author_Institution

Electron. & Telecommun. Res. Inst., Taejon, South Korea

Volume

3

fYear

2003

fDate

21-24 Sept. 2003

Firstpage

1057

Abstract

IETF has proposed a policy framework called policy-based network management (PBNM). Its best point is to provide automation of network configuration. Currently network area is actively embodying PBNM for QoS provisioning, RSVP admission control, device configuration, and etc. However, security area is not greatly interest in PBNM except IPSec. This paper proposes a PBNM-based security policy decision service, which can provide automation of security network configuration. The proposed policy decision service has capacity that can automatically create/activate a response policy rule on the basis of security status, activate a policy rule on the basis of rule timer, decide a security system best suitable to a policy rule, and select policy rules that should be applied to a security system.

Keywords

quality of service; telecommunication network management; telecommunication security; policy rules; policy-based network management; security network configuration; security policy decision service; security systems; Access protocols; Admission control; Automatic control; Automation; Intrusion detection; Intserv networks; Object oriented modeling; Protection; Resource management; Telecommunication network management;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications, 2003. APCC 2003. The 9th Asia-Pacific Conference on

Print_ISBN

0-7803-8114-9

Type

conf

DOI

10.1109/APCC.2003.1274260

Filename

1274260