Policy Core Information Model -- Version 1 Specification

Moore, Benjamin; Ellesson, E.; Strassner, John; Westerinen, Andrea

doi:10.17487/rfc3060

Cited by 322 publications

(185 citation statements)

References 4 publications

Supporting

Mentioning

182

Contrasting

Unclassified

Order By: Relevance

“…It can express stateful and stateless rules (although an administrator does not need to know these kind of details, since complexity is hidden in the language), positive and negative rules, overlappings, exceptions, and can be compiled to six market-leader firewall languages. Some organizations have even proposed languages to represent access control policies as XML documents, such as XACML [8], PCIM [9], Rule-ML [10], and SRML [11]. However, none of these languages is specific enough for firewall access control policies, resulting in a complexity to express firewall concepts, or in an impossibility to express them at all (this is the case of NAT for all these languages).…”

Section: Related Workmentioning

confidence: 99%

“…Many third-party domain specific languages (DSLs) have been proposed to abstract the network administrator from the underlying firewall platform details and language syntax [6,7,8,9,10,11]. A domain specific language provides more possibilities to network administrators, since it can raise the abstraction level of the problem domain using its own concepts.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

Pozo

Varela-Vaca

Gasca

2009

Computational Science and Its Applications – ICCSA 2009

View full text Add to dashboard Cite

Abstract. The design and management of firewall ACLs is a very hard and error-prone task. Part of this complexity comes from the fact that each firewall platform has its own low-level language with a different functionality, syntax, and development environment. Although several high-level languages have been proposed to model firewall access control policies, none of them has been widely adopted by the industry due to a combination of factors: high complexity, no support of important features of firewalls, no common development process, etc. In this paper, a development process for Firewall ACLs based on the Model Driven Architecture (MDA) framework is proposed. The framework supports the market leaders firewall platforms and is user-extensible. The most important access control policy languages are reviewed, with special focus on the development of firewall ACLs. Based on this analysis a new DSL language for firewall ACLs, AFPL2, covering most features other languages do not cover, is proposed. The language is then used as the platform independent metamodel, the first part of the MDA-based framework.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

Pozo

Varela-Vaca

Gasca

2009

Computational Science and Its Applications – ICCSA 2009

View full text Add to dashboard Cite

show abstract

“…The development follows a top-down approach where core classes are defined first and later extended to model specific services. The DMTF and the IETF jointly developed policy extensions of the CIM, known as PCIM [RFC3060]. o The main practical use of CIM schemas today seems to be the definition of data structures used internally by management systems.…”

Section: Cim / Mof / Uml / Pcimmentioning

confidence: 99%

“…o The Common Information Model (CIM) [CIM], developed by the Distributed Management Task Force (DMTF), has been extended in cooperation with the DMTF to describe high-level policies as rule sets (PCIM) [RFC3060]. Mappings of the CIM policy extensions to LDAP schemas have been defined and work continues to define specific schema extension for QoS and security policies.…”

Section: Introductionmentioning

confidence: 99%

Overview of the 2002 IAB Network Management Workshop

Schoenwaelder¹

2003

View full text Add to dashboard Cite

“…We have used a subset of Core Information Model [10] and QoS Information Model [11] proposed in IETF with slight modifications. These modifications are necessary to override the limitations of direct attachment of some object classes.…”

Section: Policy Frameworkmentioning

confidence: 99%

Management and Realization of SLA for Providing Network QoS

Hashmani¹,

Yoshida²,

Ikenaga

et al. 2001

Networking — ICN 2001

View full text Add to dashboard Cite

Abstract.We consider an SLA (Service Level Agreement) committed between two parties to use the guarantee of QoS provided by a QoS Enabled Network (QEN). QEN can provide guarantee of QoS because a Bandwidth Broker (BB) manages its resources based on a policy. The IETF and the DMTF have done extensive work in this field and have proposed a policy framework in order to store and manage policy and the standardization process is still going on. However, not much work has been done in the field of realization and management of SLA, which is necessary in order to utilize QoS provided by the network layer as perceived by the service layer. In this paper, we propose a new methodology of SLO templates (machine readable description of human readable textual SLA) to negotiate and commit SLA to utilize QoS provided by networks as perceived by businesses like that of a virtual leased line service. We also describe the implementation of our proposed SLO templates in our BB.

show abstract

Policy Core Information Model -- Version 1 Specification

Cited by 322 publications

References 4 publications

MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

Overview of the 2002 IAB Network Management Workshop

Management and Realization of SLA for Providing Network QoS

Contact Info

Product

Resources

About