BANDS: An inter-domain internet security policy management system for IPSEC/VPN

Yanyan Yang; Zhi (Judy) Fu; S. Felix Wu

doi:10.1007/978-0-387-35674-7

BANDS: An inter-domain internet security policy management system for IPSEC/VPN

Yanyan Yang
, Zhi (Judy) Fu
, S. Felix Wu

Department of Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Citations (Scopus)

Abstract

IPSec/VPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse multiple domains. This paper presents a distributed framework and protocol, BANDS, for inter-domain policy negotiation and generation. The BANDS architecture consists of two phases: AS (Autonomous System) route path discovery and an inter-domain collaborative protocol for policy negotiation among the autonomous systems discovered in the first phase. Each AS conceptually has one security requirement server responsible for the task of inter-domain policy negotiation. Following this two-step process in BANDS, a set of distributed security policies (for the implementation of policy enforcement) will be automatically negotiated/generated based on decentralized and predefined security requirements.

Original language	English
Title of host publication	Integrated Network Management VIII
Subtitle of host publication	Managing It All - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003
Publisher	Springer New York LLC
Pages	231-244
Number of pages	14
ISBN (Print)	9781475755213
DOIs	https://doi.org/10.1007/978-0-387-35674-7
Publication status	Published - 2003
Event	IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003 - Colorado Springs, CO, United States Duration: 2003 Mar 24 → 2003 Mar 28

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	118
ISSN (Print)	1868-4238

Conference

Conference	IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003
Country/Territory	United States
City	Colorado Springs, CO
Period	03-03-24 → 03-03-28

All Science Journal Classification (ASJC) codes

Information Systems and Management

Access to Document

10.1007/978-0-387-35674-7

Cite this

Yang, Y., Fu, Z., & Felix Wu, S. (2003). BANDS: An inter-domain internet security policy management system for IPSEC/VPN. In Integrated Network Management VIII: Managing It All - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003 (pp. 231-244). (IFIP Advances in Information and Communication Technology; Vol. 118). Springer New York LLC. https://doi.org/10.1007/978-0-387-35674-7

@inproceedings{3ed31467763b44deab9dc48f3a88b099,

title = "BANDS: An inter-domain internet security policy management system for IPSEC/VPN",

abstract = "IPSec/VPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse multiple domains. This paper presents a distributed framework and protocol, BANDS, for inter-domain policy negotiation and generation. The BANDS architecture consists of two phases: AS (Autonomous System) route path discovery and an inter-domain collaborative protocol for policy negotiation among the autonomous systems discovered in the first phase. Each AS conceptually has one security requirement server responsible for the task of inter-domain policy negotiation. Following this two-step process in BANDS, a set of distributed security policies (for the implementation of policy enforcement) will be automatically negotiated/generated based on decentralized and predefined security requirements.",

author = "Yanyan Yang and Fu, \{Zhi (Judy)\} and \{Felix Wu\}, S.",

year = "2003",

doi = "10.1007/978-0-387-35674-7",

language = "English",

isbn = "9781475755213",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "231--244",

booktitle = "Integrated Network Management VIII",

note = "IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003 ; Conference date: 24-03-2003 Through 28-03-2003",

}

Yang, Y, Fu, Z & Felix Wu, S 2003, BANDS: An inter-domain internet security policy management system for IPSEC/VPN. in Integrated Network Management VIII: Managing It All - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003. IFIP Advances in Information and Communication Technology, vol. 118, Springer New York LLC, pp. 231-244, IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003, Colorado Springs, CO, United States, 03-03-24. https://doi.org/10.1007/978-0-387-35674-7

BANDS: An inter-domain internet security policy management system for IPSEC/VPN. / Yang, Yanyan; Fu, Zhi (Judy); Felix Wu, S.
Integrated Network Management VIII: Managing It All - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003. Springer New York LLC, 2003. p. 231-244 (IFIP Advances in Information and Communication Technology; Vol. 118).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - BANDS

T2 - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003

AU - Yang, Yanyan

AU - Fu, Zhi (Judy)

AU - Felix Wu, S.

PY - 2003

Y1 - 2003

N2 - IPSec/VPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse multiple domains. This paper presents a distributed framework and protocol, BANDS, for inter-domain policy negotiation and generation. The BANDS architecture consists of two phases: AS (Autonomous System) route path discovery and an inter-domain collaborative protocol for policy negotiation among the autonomous systems discovered in the first phase. Each AS conceptually has one security requirement server responsible for the task of inter-domain policy negotiation. Following this two-step process in BANDS, a set of distributed security policies (for the implementation of policy enforcement) will be automatically negotiated/generated based on decentralized and predefined security requirements.

AB - IPSec/VPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse multiple domains. This paper presents a distributed framework and protocol, BANDS, for inter-domain policy negotiation and generation. The BANDS architecture consists of two phases: AS (Autonomous System) route path discovery and an inter-domain collaborative protocol for policy negotiation among the autonomous systems discovered in the first phase. Each AS conceptually has one security requirement server responsible for the task of inter-domain policy negotiation. Following this two-step process in BANDS, a set of distributed security policies (for the implementation of policy enforcement) will be automatically negotiated/generated based on decentralized and predefined security requirements.

UR - https://www.scopus.com/pages/publications/84904312147

UR - https://www.scopus.com/pages/publications/84904312147#tab=citedBy

U2 - 10.1007/978-0-387-35674-7

DO - 10.1007/978-0-387-35674-7

M3 - Conference contribution

AN - SCOPUS:84904312147

SN - 9781475755213

T3 - IFIP Advances in Information and Communication Technology

SP - 231

EP - 244

BT - Integrated Network Management VIII

PB - Springer New York LLC

Y2 - 24 March 2003 through 28 March 2003

ER -

Yang Y, Fu Z, Felix Wu S. BANDS: An inter-domain internet security policy management system for IPSEC/VPN. In Integrated Network Management VIII: Managing It All - IFIP/IEEE 8th International Symposium on Integrated Network Management, IM 2003. Springer New York LLC. 2003. p. 231-244. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-0-387-35674-7

BANDS: An inter-domain internet security policy management system for IPSEC/VPN

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this