One of the most critical aspects of security problems is the impossibility of accurately checking a system real weaknesses. In a complex and distributed environment this problem is greatly accentuated. During the process of configuration and implementation of the network security policies errors can occur, resulting in holes in security and, consequently, compromising the entire system functionality. These errors are often very hard to detect by performing a manual or visual inspection. For this reason, automatic management of this phase is required. Here we propose an algorithm to automatically tune up the configurations of the network devices in order to avoid unexpected and unwanted network behaviours. This algorithm will be described in all its phases and some results of the software implementation will be shown. ©2008 IEEE.
Algorithm to automatically solve security policy conflicts among IP devices configurations / S., Ferraresi; E., Francocci; A., Quaglini; Baiocchi, Andrea. - 1-2:(2008), pp. 923-926. (Intervento presentato al convegno Network Operations and Management Symposium, 2008. NOMS 2008. IEEE tenutosi a Salvador - Bahia; Brazil nel 7-11 aprile 2008) [10.1109/NOMS.2008.4575248].
Algorithm to automatically solve security policy conflicts among IP devices configurations
BAIOCCHI, Andrea
2008
Abstract
One of the most critical aspects of security problems is the impossibility of accurately checking a system real weaknesses. In a complex and distributed environment this problem is greatly accentuated. During the process of configuration and implementation of the network security policies errors can occur, resulting in holes in security and, consequently, compromising the entire system functionality. These errors are often very hard to detect by performing a manual or visual inspection. For this reason, automatic management of this phase is required. Here we propose an algorithm to automatically tune up the configurations of the network devices in order to avoid unexpected and unwanted network behaviours. This algorithm will be described in all its phases and some results of the software implementation will be shown. ©2008 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.