Title :
Security policy decision for automation of security network configuration
Author :
Gaeil Ahn ; Yoon, Seungyong ; Kim, Kiyoung ; Jang, Jongsoo
Author_Institution :
Electron. & Telecommun. Res. Inst., Taejon, South Korea
Abstract :
IETF has proposed a policy framework called policy-based network management (PBNM). Its best point is to provide automation of network configuration. Currently network area is actively embodying PBNM for QoS provisioning, RSVP admission control, device configuration, and etc. However, security area is not greatly interest in PBNM except IPSec. This paper proposes a PBNM-based security policy decision service, which can provide automation of security network configuration. The proposed policy decision service has capacity that can automatically create/activate a response policy rule on the basis of security status, activate a policy rule on the basis of rule timer, decide a security system best suitable to a policy rule, and select policy rules that should be applied to a security system.
Keywords :
quality of service; telecommunication network management; telecommunication security; policy rules; policy-based network management; security network configuration; security policy decision service; security systems; Access protocols; Admission control; Automatic control; Automation; Intrusion detection; Intserv networks; Object oriented modeling; Protection; Resource management; Telecommunication network management;
Conference_Titel :
Communications, 2003. APCC 2003. The 9th Asia-Pacific Conference on
Print_ISBN :
0-7803-8114-9
DOI :
10.1109/APCC.2003.1274260
