Title :
"Policy-Maker": a toolkit for policy-based security management
Author_Institution :
Inst. for Data Process., Technische Univ. Munchen, Germany
Abstract :
"Policy-Maker" is an implementation of our concept for the security management of heterogeneous networks. It is entirely based on the common information model (CIM) and the Web-based enterprise management (WBEM) architecture, which is an industry standard of the Distributed Management Task Force (DMTF). In our concept, an administrator can specify security policies uniformly and directly within the CIM data model via a comfortable graphical user interface (GUI) provided by our "Policy-Editor". The policies are processed and executed within the WBEM architecture, in which component-specific "providers" map the policies to the mechanisms of the target network devices. A policy can represent a hierarchy of rules, which are handled and solved in our concept by using several hierarchic provider calls within the WBEM framework. Furthermore, CIM-based policy models for some concrete security mechanisms (e.g. IP firewalls) have been designed and implemented for testing the "Policy-Maker". The "Policy-Maker" toolkit includes a 3D network visualization tool, which provides the administrator with information on the current network topology and the available security components. Finally, "Policy-Maker" provides simulation components for testing the configuration of the network and its security mechanisms before a new configuration is applied to the real system.
Keywords :
Internet; authorisation; computer network management; data visualisation; graphical user interfaces; network topology; telecommunication security; 3D network visualization tool; CIM; DMTF; Distributed Management Task Force; GUI; IP-firewalls; Policy-Editor; Policy-Maker toolkit; WBEM architecture; Web-based enterprise management; common information model; graphical user interface; heterogeneous networks; network topology; policy-based security management; Communication system security; Computer integrated manufacturing; Data models; Data security; Graphical user interfaces; Information security; Mobile communication; Network topology; System testing; Visualization;
Conference_Title :
Network Operations and Management Symposium, 2004. NOMS 2004. IEEE/IFIP
Conference_Location :
Seoul, South Korea
Print_ISBN :
0-7803-8230-7
DOI :
10.1109/NOMS.2004.1317664