Intra and Inter Policy Conflicts Dynamic Detection Algorithm

Authors: Roumaissa Khelf, Nassira Ghoualmi
Subject:
Source: Web of Science
Description: IPsec (Internet Protocol security) is a set of mechanisms proposed to secure IP network data communication. However, IPsec functions properly only when the security policy requirements are met. Security policy configuration is a complex and error-prone task because of the complex semantics of the policies. In a dynamic environment, where the policy rules are frequently updated, the error rate is higher. Each network device policy should be analyzed carefully to prevent security policy conflicts. Different types of conflicts can be identified, caused either by rule misconfiguration within a single IPsec device (intra-policy conflicts) or by inconsistency between different IPsec policies (inter-policy conflicts). Policy conflicts can cause serious security infractions, which increase network vulnerability. In this paper we propose an algorithm for dynamic detection of both intra- and inter-policy IPsec security policy conflicts. The proposed algorithm is based on a simple and comprehensive mechanism that uses Boolean functions to classify and identify conflicts. The resolution of intra-policy conflicts is also integrated into our algorithm.
Database: OpenAIRE