Policy modeling and refinement for network security systems

Author

De Albuquerque, João Porto ; Krumm, Heiko ; De Geus, Paulo Lício

Author_Institution

Inst. of Comput., State Univ. of Campinas, Brazil

fYear

2005

fDate

6-8 June 2005

Firstpage

24

Lastpage

33

Abstract

In today´s network environments the integrated design and management of different security technologies and mechanisms are of great interest. Especially in large networks, the security management should be supported by approaches with an appropriate level of abstraction, such that a system can be considered independently of the complex configuration details of its various component mechanisms. Furthermore, the employment of the security services and the design of their configurations should be supported by a structured technique that separates the consideration of the system as a whole from the detailed design of the subsystems. Pursuing these goals, this papers offers an approach to modeling network security systems, based on the concepts of policy-based management and model-based management, and analyzes the policy representation and refinement as well as the model validation enabled by this modeling.

Keywords

computer network management; configuration management; formal specification; security of data; configuration design; model validation; model-based management; network security systems; policy modeling; policy refinement; policy-based management; security management; security services; Buildings; Computer network management; Computer networks; Computerized monitoring; Costs; Employment; Environmental management; Protection; Security; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2005. Sixth IEEE International Workshop on

Print_ISBN

0-7695-2265-3

Type

conf

DOI

10.1109/POLICY.2005.24

Filename

1454300