Many researchers have considered security policy management, including how to configure policies manually and even how to automatically generate security policies from security requirements. Both can be error-prone, especially when properties of the network topology change, because security requirements are usually not bound to any particular routing path. Our DETER lab emulation results show that conflicts can be caused by these factors. Therefore, a systematic way to validate the correctness of security policies is essential. This paper presents an approach, CLID (Conflict and Looping Identification and Detection), to verify whether a set of security policies (e.g., IPSec/VPN tunnels) satisfies the given security requirements without causing any conflicts. This approach uses a definition of a security policy that includes network routing data as well as traffic selector information, so it works for general network topologies. We also analyze and justify the correctness o...
Yanyan Yang, Charles U. Martel, Shyhtsun Felix Wu