IPsec/VPN security policy correctness and assurance

نویسندگان

  • Yanyan Yang
  • Charles U. Martel
  • Zhi Fu
  • Shyhtsun Felix Wu
چکیده

With IPSec/VPN policies being widely deployed, how to correctly specify and configure them is critical in enforcing security requirements. Under current practice, IPSec/VPN policies are usually specified manually by system administrators and thus prone to errors. However, dynamic aspects in the network may interfere with the existing policy set up and thus cause unexpected conflict. To deal with these problems, we formally define IPSec security requirements, policies, and their correctness criteria. Based on these definitions, we present an inter-domain architecture to automatically generate correct and efficient security policies. Our approach works when we are given a set of security requirements for a single end-to-end traffic flow. We can also deal with changes when new security requirements are added. Finally, we present simulation results which evaluate the performance of our solutions. Keyword: IPSec/VPN Security Policy, Security Requirement, Security Policy Correctness, Security Policy Management, Security Policy Assurance

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution

IPSec (Internet Security Protocol Suite) functions will be executed correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An erroneous policy could lead to communication blockade or serious security breach. In addition, even if policies are specified correctly in each domain, the diversified regional security pol...

متن کامل

IPSec/VPN Security Policy: Correctness, Conflict Detection and Resolution1

IPSec (Internet Security Protocol Suite) functions will be executed correctly only if its policies are correctly specified and configured. Manual IPSec policy configuration is inefficient and error-prone. An erroneous policy could lead to communication blockade or serious security breach. In addition, even if policies are specified correctly in each domain, the diversified regional security pol...

متن کامل

Automatic Generation of IPSec/VPN Security Policies In an Intra-Domain Environment

IPSec [1] policies are widely deployed in firewalls or security gateways to protect information property. The security treatment (e.g. deny, allow or encrypt etc.) of all inbound or outbound traffic will be determined by the security policies, and thus it is critical for policies to be specified and configured correctly. IPSec policies are manually configured to individual security gateway in c...

متن کامل

BANDS: An Inter-domain Internet Security Policy Management System for IPSec/VPN

IPSecNPN is widely deployed for users to remotely access their corporate data. IPSec policies must be correctly set up for VPN to provide anticipated protection. Manual policy setup is unscalable, inefficient and error-prone. Automated policy generation to comply with and enforce high-level security policies is desired but difficult, especially in an inter-domain environment when a VPN traverse...

متن کامل

A 10 Giga VPN Accelerator Board for Trust Channel Security System

This paper proposes a VPN Accelerator Board (VPN-AB), a virtual private network (VPN) protocol designed for trust channel security system (TCSS). TCSS supports safety communication channel between security nodes in internet. It furnishes authentication, confidentiality, integrity, and access control to security node to transmit data packets with IPsec protocol. TCSS consists of internet key exc...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • J. High Speed Networks

دوره 15  شماره 

صفحات  -

تاریخ انتشار 2006