An Editor for Adaptive XML-Based Policy Management of IPSEC
Authors
Mohan, Raj
Levin, Timothy E.
Irvine, Cynthia E.
Subjects
Computer Security
Education
Simulation
Game
Date of Issue
2003-12-08
Publisher
Computer Security Applications Conference (ACSAC)
Abstract
The IPSec protocol provides a mechanism to enforce a range of security services for both confidentiality and integrity, enabling secure transmission of information across networks. Dynamic parameterization of IPSec, via the Keynote trust management system, further enables security mechanisms to adjust the level of security service on the fly to respond to changing network and operational conditions. However, Keynote requires that an IPSec policy be defined in the Keynote specification syntax. Defining such a dynamic security policy in the Keynote Policy Specification language is complicated and can lead to incorrect specification of the desired policy, thus degrading the security of the network. We present an alternative XML representation of this language and a graphical user interface to create and manage a consistent and correct security policy. The interface has the simplicity of a menu-driven editor that not only provides Keynote with a policy in the specified syntax but also integrates techniques to support administrative policy verification.
Type
Article
Citation
Annual Computer Security Applications Conference (ACSAC), December 8-12, 2003, Las Vegas, NV, USA
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.