Title :
Algorithm to automatically solve security policy conflicts among IP devices configurations
Author :
Ferraresi, Simone ; Francocci, Emanuele ; Quaglini, Alessio ; Baiocchi, Andrea
Author_Institution :
ElsagDatamat S.p.A., Rome
Abstract :
One of the most critical aspects of security problems is the impossibility of accurately checking a system's real weaknesses. In a complex and distributed environment this problem is greatly accentuated. During the process of configuration and implementation of the network security policies, errors can occur, resulting in holes in security and, consequently, compromising the entire system functionality. These errors are often very hard to detect by performing a manual or visual inspection. For this reason, automatic management of this phase is required. Here we propose an algorithm to automatically tune up the configurations of the network devices in order to avoid unexpected and unwanted network behaviours. This algorithm will be described in all its phases and some results of the software implementation will be shown.
Keywords :
IP networks; distributed processing; error detection; telecommunication security; IP devices configurations; automatic management; distributed environment; error detection; manual inspection; network security policy; security policy conflicts; software implementation; system functionality; visual inspection; Algorithm design and analysis; Filtering; Formal languages; Inspection; Joining processes; Performance analysis; Protocols; Security; Software algorithms; Telecommunication traffic;
Conference_Title :
Network Operations and Management Symposium, 2008. NOMS 2008. IEEE
Conference_Location :
Salvador, Bahia
Print_ISBN :
978-1-4244-2065-0
Electronic_ISBN :
1542-1201
DOI :
10.1109/NOMS.2008.4575248