Abstract
A large-scale network environment embodies the interconnection of different security domains. Security policies differ within a domain and among domains, and conflicts can arise in a set of policies that lack trust and consultation. This paper proposes a network security policy model. By defining and describing security policies and domains, it studies policy integrity, validity, and consistency, as well as conflict detection, resolution, and release. The policy implementation mechanism is based on a rule engine. The paper gives the implementation steps and an efficiency analysis. The technology can be adapted to establishing and controlling the policy service in an extensive network environment.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tang, C., Yao, S., Cui, Z., Mao, L. (2006). A Network Security Policy Model and Its Realization Mechanism. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_14
DOI: https://doi.org/10.1007/11937807_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49608-3
Online ISBN: 978-3-540-49610-6
eBook Packages: Computer Science (R0)