TY - GEN
T1 - IPSec/VPN security policy
T2 - International Workshop on Policies for Distributed Systems and Networks, POLICY 2001
AU - Fu, Zhi
AU - Wu, S. Felix
AU - Huang, He
AU - Loh, Kung
AU - Gong, Fengmin
AU - Baldine, Ilia
AU - Xu, Chong
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2001.
PY - 2001
Y1 - 2001
N2 - IPSec (Internet Security Protocol Suite) functions will be executed correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An erroneous policy could lead to a communication blockade or a serious security breach. In addition, even if policies are specified correctly in each domain, the diversified regional security policy enforcement can create significant problems for end-to-end communication because of interaction among policies in different domains. A policy management system is, therefore, needed to systematically manage and verify various IPSec policies in order to ensure an end-to-end security service. This paper contributes to the development of an IPSec policy management system in two aspects. First, we defined a high-level security requirement, which not only is an essential component to automate the policy specification process of transforming from security requirements to specific IPSec policies but also can be used as criteria to detect conflicts among IPSec policies, i.e. policies are correct only if they satisfy all requirements. Second, we developed mechanisms to detect and resolve conflicts among IPSec policies in both intra-domain and inter-domain environments.
AB - IPSec (Internet Security Protocol Suite) functions will be executed correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An erroneous policy could lead to a communication blockade or a serious security breach. In addition, even if policies are specified correctly in each domain, the diversified regional security policy enforcement can create significant problems for end-to-end communication because of interaction among policies in different domains. A policy management system is, therefore, needed to systematically manage and verify various IPSec policies in order to ensure an end-to-end security service. This paper contributes to the development of an IPSec policy management system in two aspects. First, we defined a high-level security requirement, which not only is an essential component to automate the policy specification process of transforming from security requirements to specific IPSec policies but also can be used as criteria to detect conflicts among IPSec policies, i.e. policies are correct only if they satisfy all requirements. Second, we developed mechanisms to detect and resolve conflicts among IPSec policies in both intra-domain and inter-domain environments.
UR - https://www.scopus.com/pages/publications/84944041936
UR - https://www.scopus.com/pages/publications/84944041936#tab=citedBy
U2 - 10.1007/3-540-44569-2_3
DO - 10.1007/3-540-44569-2_3
M3 - Conference contribution
AN - SCOPUS:84944041936
SN - 3540416102
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 39
EP - 56
BT - Policies for Distributed Systems and Networks - International Workshop, POLICY 2001, Proceedings
A2 - Sloman, Morris
A2 - Lupu, Emil C.
A2 - Lobo, Jorge
PB - Springer Verlag
Y2 - 29 January 2001 through 31 January 2001
ER -