Volume 20, Issue 4, 2012, Pages 985-998

Network-level access control policy analysis and transformation

Author keywords

Firewall configuration; policy anomalies; policy conflict; policy transformation; policy translation

Indexed keywords

ACCESS CONTROL POLICIES; CONTROL ELEMENTS; FIREWALL CONFIGURATION; FORMAL MODEL; IDENTIFICATION AND REMOVAL; MATCHING RULES; OPTIMIZATION PROCEDURES; POLICY CONFLICT; POLICY MODEL; POLICY TRANSFORMATION; RESOLUTION STRATEGY; SECURITY ADMINISTRATOR;

EID: 84865344402     PISSN: 10636692     EISSN: None     Source Type: Journal    
DOI: 10.1109/TNET.2011.2178431     Document Type: Article
Times cited : (33)

References (29)
  • 1
    • 0037726388
    • Terminology for policy-based management
    • Nov.
    • A. Westerinen, "Terminology for policy-based management," RFC-3198, Nov. 2001.
    • (2001) RFC-3198
    • Westerinen, A.1
  • 2
    • 85008057842
    • Modeling and management of firewall policies
    • Apr.
    • E. Al-Shaer and H. Hamed, "Modeling and management of firewall policies," IEEE Trans. Netw. Service Manage., vol. 1, no. 1, pp. 2-10, Apr. 2004.
    • (2004) IEEE Trans. Netw. Service Manage. , vol.1 , Issue.1 , pp. 2-10
    • Al-Shaer, E.1    Hamed, H.2
  • 3
    • 27644451689
    • Conflict classification and analysis of distributed firewall policies
    • Oct.
    • E. Al-Shaer, H. Hamed, R. Boutaba, and M. Hasan, "Conflict classification and analysis of distributed firewall policies," IEEE J. Sel. Areas Commun., vol. 23, no. 10, pp. 2069-2084, Oct. 2005.
    • (2005) IEEE J. Sel. Areas Commun. , vol.23 , Issue.10 , pp. 2069-2084
    • Al-Shaer, E.1    Hamed, H.2    Boutaba, R.3    Hasan, M.4
  • 4
    • 33645337636
    • Taxonomy of conflicts in network security policies
    • Mar.
    • H. Hamed and E. Al-Shaer, "Taxonomy of conflicts in network security policies," IEEE Commun. Mag., vol. 44, no. 3, pp. 134-141, Mar. 2006.
    • (2006) IEEE Commun. Mag. , vol.44 , Issue.3 , pp. 134-141
    • Hamed, H.1    Al-Shaer, E.2
  • 5
    • 38549142814
    • Towards an algebraic approach to solve policy conflicts
    • Turku, Finland July
    • C. Basile and A. Lioy, "Towards an algebraic approach to solve policy conflicts," in Proc. WOLFASI, Turku, Finland, July 2004, pp. 319-338.
    • (2004) Proc. WOLFASI , pp. 319-338
    • Basile, C.1    Lioy, A.2
  • 6
    • 51749126096
    • Geometric interpretation of policy specification
    • New York, NY, Jun.
    • C. Basile, A. Cappadonia, and A. Lioy, "Geometric interpretation of policy specification," in Proc. IEEE Policy, New York, NY, Jun. 2008, pp. 78-81.
    • (2008) Proc. IEEE Policy , pp. 78-81
    • Basile, C.1    Cappadonia, A.2    Lioy, A.3
  • 7
    • 48049111138
    • Tuple based approach for anomalies detection within firewall filtering rules
    • Aveiro, Portugal, Jul.
    • M. Benelbahri and A. Bouhoula, "Tuple based approach for anomalies detection within firewall filtering rules," in Proc. IEEE ISCC, Aveiro, Portugal, Jul. 2007, pp. 63-70.
    • (2007) Proc. IEEE ISCC , pp. 63-70
    • Benelbahri, M.1    Bouhoula, A.2
  • 8
    • 70450212797
    • A topological approach to detect conflicts in firewall policies
    • Rome, Italy, May
    • S. Thanasegaran, Y. Yin, Y. Tateiwa, Y. Katayama, and N. Takahashi, "A topological approach to detect conflicts in firewall policies," in Proc. IEEE IPDPS, Rome, Italy, May 2009, pp. 1-7.
    • (2009) Proc. IEEE IPDPS , pp. 1-7
    • Thanasegaran, S.1    Yin, Y.2    Tateiwa, Y.3    Katayama, Y.4    Takahashi, N.5
  • 9
    • 38549119052
    • Automatic conflict analysis and resolution of traffic filtering policy for firewall and security gateway
    • DOI 10.1109/ICC.2007.220, 4288891, 2007 IEEE International Conference on Communications, ICC'07
    • S. Ferraresi, S. Pesic, L. Trazza, and A. Baiocchi, "Automatic conflict analysis and resolution of traffic filtering policy for firewall and security gateway," in Proc. IEEE ICC, Glasgow, Scotland, 2007, pp. 1304-1310. (Pubitemid 351145716)
    • (2007) IEEE International Conference on Communications , pp. 1304-1310
    • Ferraresi, S.1    Pesic, S.2    Trazza, L.3    Baiocchi, A.4
  • 10
    • 77950434020
    • Analyzing and resolving anomalies in firewall security policies based on propositional logic
    • Islamabad, Pakistan
    • M. Rezvani and R. Aryan, "Analyzing and resolving anomalies in firewall security policies based on propositional logic," in Proc. IEEE INMIC, Islamabad, Pakistan, 2009, pp. 1-7.
    • (2009) Proc. IEEE INMIC , pp. 1-7
    • Rezvani, M.1    Aryan, R.2
  • 11
    • 84865319544
    • Semantic model for IPSec policy interaction
    • Mar.
    • J. Zao, "Semantic model for IPSec policy interaction," Internet Draft, Mar. 2000.
    • (2000) Internet Draft
    • Zao, J.1
  • 12
    • 84944041936
    • IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution
    • Policies for Distributed Systems and Networks
    • Z. Fu, S. F. Wu, H. Huang, K. Loh, F. Gong, I. Baldine, and C. Xu, "IPSec/VPN security policy: Correctness, conflict detection and resolution," in Proc. IEEE Policy, Bristol, U.K., 2001, pp. 39-56. (Pubitemid 33225339)
    • (2001) Lecture notes in computer science , Issue.1995 , pp. 39-56
    • Fu, Z.1    Wu, S.F.2    Huang, H.3    Loh, K.4    Gong, F.5    Baldine, I.6    Xu, C.7
  • 15
    • 0345180675
    • The representation of policies as system objects
    • Atlanta, GA
    • J. D. Moffett and M. S. Sloman, "The representation of policies as system objects," in Proc. SIGOIS, Atlanta, GA, 1991, pp. 171-184.
    • (1991) Proc. SIGOIS , pp. 171-184
    • Moffett, J.D.1    Sloman, M.S.2
  • 16
    • 0027886238
    • Policy hierarchies for distributed system management
    • Nov.
    • J. D. Moffett and M. S. Sloman, "Policy hierarchies for distributed system management," IEEE J. Sel. Areas Commun., vol. 11, no. 9, pp. 1404-1414, Nov. 1993.
    • (1993) IEEE J. Sel. Areas Commun. , vol.11 , Issue.9 , pp. 1404-1414
    • Moffett, J.D.1    Sloman, M.S.2
  • 17
    • 0012794098
    • Policy conflict analysis in distributed system management
    • J. D. Moffett and M. S. Sloman, "Policy conflict analysis in distributed system management," J. Org. Comput., vol. 4, no. 1, pp. 1-22, 1993.
    • (1993) J. Org. Comput. , vol.4 , Issue.1 , pp. 1-22
    • Moffett, J.D.1    Sloman, M.S.2
  • 18
    • 0033333334
    • Conflicts in policy-based distributed systems management
    • DOI 10.1109/32.824414
    • E. Lupu and M. Sloman, "Conflicts in policy-based distributed system management," IEEE Trans. Softw. Eng., vol. 25, no. 6, pp. 852-869, Nov. 1999. (Pubitemid 30583219)
    • (1999) IEEE Transactions on Software Engineering , vol.25 , Issue.6 , pp. 852-869
    • Lupu, E.C.1    Sloman, M.2
  • 19
    • 0028726831
    • Policy driven management for distributed systems
    • M. Sloman, "Policy driven management for distributed systems," J. Netw. Syst. Manage., vol. 2, no. 4, pp. 333-360, 1994.
    • (1994) J. Netw. Syst. Manage. , vol.2 , Issue.4 , pp. 333-360
    • Sloman, M.1
  • 20
    • 38649128960
    • Dynamic policy model for large evolving enterprises
    • Seattle, WA Sep.
    • N. Dunlop, J. Indulska, and K. A. Raymond, "Dynamic policy model for large evolving enterprises," in Proc. EDOC, Seattle, WA, Sep. 2001, pp. 193-197.
    • (2001) Proc. EDOC , pp. 193-197
    • Dunlop, N.1    Indulska, J.2    Raymond, K.A.3
  • 21
    • 71749117200
    • A formal specification of conflicts in dynamic policy-based management system
    • Univ. Queensland, Brisbane, Australia, DSTC Tech. Rep. Aug.
    • K. A. R. N. Dunlop and J. Indulska, "A formal specification of conflicts in dynamic policy-based management system," CRC for Enterprise Distributed Systems, Univ. Queensland, Brisbane, Australia, DSTC Tech. Rep., Aug. 2001.
    • (2001) CRC for Enterprise Distributed Systems
    • Dunlop, K.A.R.N.1    Indulska, J.2
  • 24
    • 84865319545
    • Precedence rules used to resolve access conflicts at a target
    • [Online]
    • "Precedence rules used to resolve access conflicts at a target," IBM Lotus Domino and Notes Information Centre, 2011 [Online]. Available: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp
    • (2011) IBM Lotus Domino and Notes Information Centre
  • 25
    • 84884990589
    • Algebraic models to detect and solve policy conflicts
    • St. Petersburg, Russia
    • C. Basile, A. Cappadonia, and A. Lioy, "Algebraic models to detect and solve policy conflicts," in Proc. MMM-ACNS, St. Petersburg, Russia, 2007, pp. 242-247.
    • (2007) Proc. MMM-ACNS , pp. 242-247
    • Basile, C.1    Cappadonia, A.2    Lioy, A.3
  • 26
    • 0004190631
    • Providence RI: Amer. Math. Soc.
    • G. Birkhoff, Lattice Theory. Providence, RI: Amer. Math. Soc., 1967.
    • (1967) Lattice Theory
    • Birkhoff, G.1
  • 27
    • 25844452925
    • Scalable packet classification using distributed crossproducting of field labels
    • Washington Univ., Washington, DC, Tech. Rep. WUCSE-2004-38
    • D. Taylor and J. Turner, "Scalable packet classification using distributed crossproducting of field labels," Dept. Comput. Sci. Eng., Washington Univ., Washington, DC, Tech. Rep. WUCSE-2004-38, 2004.
    • (2004) Dept. Comput. Sci. Eng.
    • Taylor, D.1    Turner, J.2
  • 28
    • 33745129743
    • Survey and taxonomy of packet classification techniques
    • DOI 10.1145/1108956.1108958
    • D. Taylor, "Survey and taxonomy of packet classification techniques," Comput. Surveys, vol. 37, no. 3, pp. 238-275, 2005. (Pubitemid 43892671)
    • (2005) ACM Computing Surveys , vol.37 , Issue.3 , pp. 238-275
    • Taylor, D.E.1
  • 29
    • 0037947385
    • Fast and scalable packet classification
    • May
    • J. van Lunteren and T. Engbersen, "Fast and scalable packet classification," IEEE J. Sel. Areas Commun., vol. 21, no. 4, pp. 560-571, May 2003.
    • (2003) IEEE J. Sel. Areas Commun. , vol.21 , Issue.4 , pp. 560-571
    • Van Lunteren, J.1    Engbersen, T.2


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.