Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
|
 |
Algebraic Models to Detect and Solve Policy Conflicts
| |
|
| Communications in Computer and Information Science |
Computer Network Security
Fourth International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS
2007 St. Petersburg, Russia, September 13–15, 2007 Proceedings
|
| 10.1007/978-3-540-73986-9_20 |
| Vladimir Gorodetsky, Igor Kotenko and Victor A. Skormin |
Algebraic Models to Detect and Solve Policy Conflicts
Cataldo Basile3  , Alberto Cappadonia3 and Antonio Lioy3
| (3) |
Dipartimento di Automatica e Informatica, Politecnico di Torino, Torino, Italia |
Abstract
The management of security for large and complex environments still represents an open problem and the policy-based systems
are certainly one of the most innovative and effective solution to this problem. The policy, that at low level is expressed
by sets of rules, becomes crucial for the consistency of the systems to be protected and it is necessary to check it for correctness.
This paper presents a set-based model of rules that permits the static conflict detection and an axiomatic model of conflict
resolution leading to semi-lattices theory to solve inconsistencies. We proved the effectiveness of the theory implementing
an extensible tool supporting security officers in creating rules by providing an easy environment to identify the conflicts
and to use manual as well as automatic resolution strategies.
Keywords security policy model - policy conflicts detection - policy conflicts resolution - firewall rules analysis - policy specification
This work is part of the POSITIF and DESEREC projects, funded by the European Commission under contracts, IST 002314 and 026600.
Fulltext Preview (Small, Large)
 References secured to subscribers.
|
|
|
|
|
|