Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00
DOI: 10.1109/discex.2000.824955
|View full text |Cite
|
Sign up to set email alerts
|

Domain based Internet security policy management

Abstract: As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies -esp. those that specify the use of IP-AH/ESP security protocols -into security requirements for inter-domain communication.Technology innovation includes a form… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
10
0

Publication Types

Select...
4
3

Relationship

0
7

Authors

Journals

citations
Cited by 18 publications
(10 citation statements)
references
References 8 publications
0
10
0
Order By: Relevance
“…Wang et al demonstrate that it is possible to structure security policies in such a way that policy reconciliation becomes tractable [8]. Zao et al propose the Security Policy System (SPS) which resolves IPsec security associations between domains of communication [10]. Reconciliation is achieved by intersecting sets of policy values.…”
Section: Related Workmentioning
confidence: 99%
“…Wang et al demonstrate that it is possible to structure security policies in such a way that policy reconciliation becomes tractable [8]. Zao et al propose the Security Policy System (SPS) which resolves IPsec security associations between domains of communication [10]. Reconciliation is achieved by intersecting sets of policy values.…”
Section: Related Workmentioning
confidence: 99%
“…The Security Policy System (SPS) was proposed by Zao et al [25]. Its purpose is to resolve IPsec security associa-tions between domains of communication.…”
Section: Related Workmentioning
confidence: 99%
“…One way to address the inherent complexity of reconciliation is by essentially "flattening" the policy representation, i.e., explicitly enumerating the various choices. For example, the IPsec Security Policy System (SPS) [33] guarantees efficient two-party reconciliation by intersecting fixed and independent sets of policy values. The DCCM system extends this approach to the multi-party environments by providing a Chinese menu reconciliation algorithm [1,2,11].…”
Section: Hardness Of Reconciliationmentioning
confidence: 99%
“…As a result, past investigations have largely achieved tractability by limiting the policy representation or by using heuristic algorithms [11,24,26,33]. Such approaches achieve the stated goals, but fail to efficiently capture dependencies between different aspects of a policy.…”
Section: Introductionmentioning
confidence: 99%