Using an Information Model and Associated Ontology for Selection of Policies for Conflict Analysis

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Steven Davy Articles by Brendan Jennings Articles by John Strassner

2008 IEEE Workshop on Policies for Distributed Systems and Networks

June 02-June 04

ISBN: 978-0-7695-3133-5

	ASCII Text	x
	Steven Davy, Brendan Jennings, John Strassner, "Using an Information Model and Associated Ontology for Selection of Policies for Conflict Analysis," Policies for Distributed Systems and Networks, IEEE International Workshop on, pp. 82-85, 2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008.

	BibTex	x
	@article{ 10.1109/POLICY.2008.33, author = {Steven Davy and Brendan Jennings and John Strassner}, title = {Using an Information Model and Associated Ontology for Selection of Policies for Conflict Analysis}, journal ={Policies for Distributed Systems and Networks, IEEE International Workshop on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3133-5}, pages = {82-85}, doi = {http://doi.ieeecomputersociety.org/10.1109/POLICY.2008.33}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Policies for Distributed Systems and Networks, IEEE International Workshop on TI - Using an Information Model and Associated Ontology for Selection of Policies for Conflict Analysis SN - 978-0-7695-3133-5 SP82 EP85 A1 - Steven Davy, A1 - Brendan Jennings, A1 - John Strassner, PY - 2008 KW - Policy Conflict Analysis KW - Policy Selection VL - 0 JA - Policies for Distributed Systems and Networks, IEEE International Workshop on ER -

Steven Davy

Brendan Jennings

John Strassner

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/POLICY.2008.33

We present an analysis process targeting identification of potential policy conflicts within sets of policies relating to multiple network devices and the security services deployed on them. The process targets pre-deployment identification of potential conflicts betweena newly created (or modified) policy and already deployed policies. It employs an algorithm which, with the aid of an ontology, selects the relevant subset of policies that should be compared with the "candidate" policy, together with an algorithm that identifies the relationships between a given pair of policies and compares these to a conflict signature pattern encoded in an information model. Operation of the process is illustrated via a scenario describing how it can identify conflicts between firewall filtering policies and IPSec VPN policies that are deployed on different network devices.

Index Terms:

Policy Conflict Analysis, Policy Selection

Citation:

Steven Davy, Brendan Jennings, John Strassner, "Using an Information Model and Associated Ontology for Selection of Policies for Conflict Analysis," policy, pp.82-85, 2008 IEEE Workshop on Policies for Distributed Systems and Networks, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.