Dynamic Policy-Based Network Management for a Secure Coalition Environment
Related papers
A Policy-based Network Management System
International Conference on Artificial Intelligence, 1999
In April 2006 the PBNM prototype system developed by Defence R&D Canada (DRDC) Ottawa in collaboration with the Communications Research Centre (CRC) was demonstrated to The Technical Cooperation Program (TTCP) Panel 11 using five Administrative Domains (ADs) interconnected by the DREnet as a Wide Area Network (WAN). The purpose of the demonstration was to illustrate how the prototype system automates the configuration and administration of Policy Enforcement Point (PEP) devices using low level policies generated from negotiated high level policies by a Policy Decision Point (PDP). Lessons learned from the demonstration related to the complexity of the policy specification and the non-intuitive nature of the policy administration tool, as well as to the lack of integrity provided by the Policy Repository for policy documents and policy negotiation objects. Further design and development efforts are required to address the deficiencies and issues identified during the planning, implementation, and presentation of the demonstration.
Defence R&D Canada (DRDC) developed the dynamic virtual private network controller (DVC) prototype as a concept demonstrator for the rapid deployment and self-configuration of dynamic virtual private networks (VPNs) to support secure information exchange for dynamic multinational coalition operations, and has demonstrated the DVC prototype in both local and international environments. The establishment and management of the VPNs requires the coalition members to exchange configuration information and security access policies. When any of this information changes, the coalition VPNs must be reconfigured. Initially the configuration of VPNs required manual intervention by an operator. The DVC prototype is being extended to automate the configuration process by exploiting the concepts and technologies of policy-based network management (PBNM) systems. This paper describes the original DVC prototype, and the ongoing work to achieve a dynamic configuration capability using PBNM techniques, which is being done in collaboration with the Communications Research Centre (CRC) in Canada and the University of Murcia (UMU) in Spain. The paper also gives some guidance for the potential use of the DVC concept in a NATO environment.
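The two abstracts above describe the same mechanism from two angles: a Policy Decision Point refines negotiated high-level coalition policies into low-level rules pushed to each domain's Policy Enforcement Point, the coalition must be reconfigured whenever a member or a policy changes, and the demonstration found that the Policy Repository gave no integrity protection to the policy documents it held. The following is an added example written for this page, not code from DRDC, CRC or the DVC prototype. It assumes a constructed service catalogue and three constructed administrative domains, an HMAC over canonical JSON as the repository integrity check (one reasonable choice; a signature scheme with per-domain keys would be the natural next step), and Linux gateways running iptables as the PEPs. It refines policies into per-PEP rule sets, renders them with a default-deny posture, and computes the delta each PEP must apply when a member withdraws.

```python
"""Toy Policy Decision Point for a coalition of administrative domains.

Added example (not DRDC/CRC/DVC code).  Services, domains, addresses and
the shared key are all constructed for illustration.
"""
import hashlib
import hmac
import json

# Constructed service catalogue (assumption: one protocol/port per service).
SERVICES = {"chat": ("tcp", 5222), "web": ("tcp", 443), "voip": ("udp", 5060)}

# Constructed administrative domains: the PEP (gateway) address and the
# address prefix that PEP protects.
DOMAINS = {
    "CA": {"pep": "10.1.0.1", "prefix": "10.1.0.0/16"},
    "UK": {"pep": "10.2.0.1", "prefix": "10.2.0.0/16"},
    "US": {"pep": "10.3.0.1", "prefix": "10.3.0.0/16"},
}


def _canonical(doc):
    # Canonical encoding so the MAC does not depend on key order or whitespace.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def sign_policy(doc, key):
    """Envelope a negotiated policy with an HMAC before it goes into the
    repository, so the repository cannot alter or forge it unnoticed."""
    body = _canonical(doc)
    return {"body": body.decode(), "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify_policy(envelope, key):
    """Reject any document whose MAC does not match before the PDP uses it."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise ValueError("policy document failed integrity check")
    return json.loads(body)


def refine(policy):
    """PDP refinement: one high-level policy becomes one rule on each PEP.
    policy = {"from": "CA", "to": "UK", "services": [...], "action": "permit"}
    """
    src, dst = DOMAINS[policy["from"]], DOMAINS[policy["to"]]
    rules = {}
    for svc in policy["services"]:
        proto, port = SERVICES[svc]
        rule = (src["prefix"], dst["prefix"], proto, port, policy["action"])
        rules.setdefault(src["pep"], set()).add(rule)  # egress at the initiator
        rules.setdefault(dst["pep"], set()).add(rule)  # ingress at the responder
    return rules


def compile_config(policies):
    """Merge the rules of every policy into one rule set per PEP."""
    config = {d["pep"]: set() for d in DOMAINS.values()}
    for p in policies:
        for pep, rules in refine(p).items():
            config[pep] |= rules
    return config


def to_iptables(rules):
    """Render a PEP rule set as iptables commands, default deny first."""
    lines = ["iptables -P FORWARD DROP"]
    for src, dst, proto, port, action in sorted(rules):
        target = "ACCEPT" if action == "permit" else "DROP"
        lines.append(f"iptables -A FORWARD -s {src} -d {dst} -p {proto} --dport {port} -j {target}")
    return lines


def diff_config(old, new):
    """On a policy change, compute what each PEP must add or remove rather
    than rebuilding every PEP from scratch."""
    return {pep: {"add": new[pep] - old.get(pep, set()),
                  "remove": old.get(pep, set()) - new[pep]}
            for pep in new}


def demo():
    key = b"constructed-shared-key"  # constructed; a real deployment would use per-coalition keys
    stored = [sign_policy({"from": "CA", "to": "UK", "services": ["chat", "web"], "action": "permit"}, key),
              sign_policy({"from": "US", "to": "CA", "services": ["voip"], "action": "permit"}, key)]
    policies = [verify_policy(e, key) for e in stored]
    before = compile_config(policies)
    # UK leaves the coalition: its policy is withdrawn and the PEPs reconfigured.
    after = compile_config([p for p in policies if "UK" not in (p["from"], p["to"])])
    return before, after, diff_config(before, after)


if __name__ == "__main__":
    before, after, delta = demo()
    for pep, rules in before.items():
        print(pep, *to_iptables(rules), sep="\n  ")
    print(delta)
```

Running it prints the initial rule set of each PEP and then the per-PEP delta after the UK domain withdraws; the CA and UK gateways lose the two CA-UK rules while the US gateway is untouched, which is the reconfiguration step the DVC work aims to automate. A policy document altered in the repository (for example `permit` flipped to `deny` in the body) fails `verify_policy` and never reaches refinement.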
Policy-based network management
Bell Labs Technical Journal, 2004
Depending on the context, a policy can be a paper document, a table for selecting options, a sequence of logical assertions to automate operational decisions, or a tool to articulate business goals and service priorities and facilitate decisions in enforcing business rules and service priorities. In this paper, we will analyze these aspects of policies and show how they relate to each other. We will also analyze industry practices, examine applicable standards, and explore some advantages that a policy-based system can offer in such areas as network management, quality of service (QoS), and network security.
Policy-Based Management of the inter-Domain communications Security
2005
Because of the enormous number of enterprises that the inter-domain communication infrastructure manager must manage, and the continual modifications that can occur in this management environment, security management must be policy-based. In this work we present a Dynamic Management Environment for Inter-Domain Communications Security (DMEIDCS) in which the Ponder language is used to specify security and management policies. The proposed approach is characterized by a high degree of openness towards the customer, allowing the customer to interact directly and in real time with the DMEIDCS management environment.
Policy Based Security and Network Management in Computer Networks
2015
Computer networks are ubiquitous, with a plethora of networking models suited to different organizations. However, security has been a concern in such networks, besides managing the network effectively. Network security is mostly based on the needs of the organization that uses the network for secure communications. However, the actual implementation of security is achieved by defining policies that guide the policy management tool in taking expert decisions. When the policies are defined well, security is most effective. Network administrators depend on traditional tools to monitor what happens in the network. However, when reports contain a great many messages and administrators need time to analyze them and make decisions, they cannot prevent damage that has already been caused. Therefore a real-time approach is desired for both network management and security in computer networks. We believe that policy based security and network mana...
A Policy-Driven Network Management System for the Dynamic Configuration of Military Networks
Lecture Notes in Computer Science, 2009
Military networks constantly evolve to accommodate state-of-the-art technological developments across both military and commercial systems. Operating and maintaining such complex networks is no longer a trivial task. This paper presents a policy-based network management system for military networks which allows non-technical personnel (e.g. the military commander) to guide the network to behave towards specific objectives. Through policies, the system can optimize an IP-based multi-class military network towards different objectives, or combinations of objectives, as requested by the decision makers. We show how the system can dynamically produce the required network configurations given specific requirements and illustrate its practicality using case studies.
Integrated security services for dynamic coalitions
2003
Coalitions are collaborative networks of autonomous domains where resource sharing is achieved by the distribution of access permissions to coalition members based on negotiated resource-sharing agreements. The focus of our research is on dynamic coalitions, namely, coalitions where member domains may leave or new domains may join during the life of the coalition. We have developed a set of tools that integrate security services for dynamic coalitions, namely, services for (1) private and shared resource management, (2) identity and attribute certificate management, (3) secure group communication, and (4) joint administration for enforcing joint-action policies on shared critical resources. In this extended abstract we give an overview of the architecture and implementation of our tools.