University of Twente Proceedings
Automatic Generation of IPSec/VPN Security Policies In an Intra-Domain Environment
Fu, Zhi (Judy) and Wu, S. Felix (2001) Automatic Generation of IPSec/VPN Security Policies In an Intra-Domain Environment. In: 12th International Workshop on Distributed Systems: Operations & Management, 15 October 2001 - 17 October 2001, Nancy, France.
Event: | 12th International Workshop on Distributed Systems: Operations & Management, 15 October 2001 - 17 October 2001, Nancy, France |
Abstract: | IPSec [1] policies are widely deployed in firewalls or security gateways to protect information property. The security treatment (e.g. deny, allow or encrypt) of all inbound or outbound traffic is determined by the security policies, and thus it is critical for policies to be specified and configured correctly. In current practice, IPSec policies are manually configured on individual security gateways, which can be very inefficient and error-prone. In this research, we focus on two questions: 1) How to ensure policy correctness? 2) How to systematically specify correct policies instead of configuring them manually? Apparently, policies are correct if they do what they are wanted to do. However, there is only a vague relationship between what they are wanted to do and what they really do. In our research, we clearly defined a higher-level policy, called a security requirement, and clearly defined what it means for requirements to be satisfied. Therefore, policies are correct only if they satisfy all requirements. Furthermore, we designed algorithms to automatically generate correct policies given security requirements. People can specify their requirements at a high level without concerning themselves with specific low-level parameters, and correct low-level policies will then be generated automatically. The automation can not only save tremendous administrative labor but also guarantee that the policies are correct. |
Item Type: | Conference or Workshop Item (Paper) |
Uncontrolled Keywords: | Security Policy Management, IPSec Policy, Security Policy Specification, Security Requirement, Firewall |
Link to this item: | https://doi.org/10.3990/2.24 |