A Path-based network policy language.
Stone, Gary N.
Network policies are "traffic regulations" for the networks which make up the Internet. These are necessary for managing the flow of data, for access control to the network, and for managing the network to achieve other types of quality of service goals. However, with the myriad of different policies and networks, all with varying needs, conflicts can arise between network policies. Detecting and correcting these conflicts can be quite difficult for human administrators. Thus, there is a need for a theoretically sound method for specifying policy and for automatically detecting policy conflicts. This dissertation presents a path-based policy language that is more comprehensive than earlier languages for describing network policy. The Path-based Policy Language (PPL) is a formal language for constructing models of Internet service and access control. This path-based language is extensible and allows for an unambiguous representation of network policies based on both the static and dynamic attributes of today's networks. To support this language, both a compiler and policy conflict tester were developed. These tools accept network policies specified in PPL, translate them into formal logic, and use a theorem prover to test for policy conflicts. PPL allows for the efficient representation of large networks with its abbreviated path format. This path format allows multiple paths to be represented with one statement.
Approved for public release, distribution unlimited.
Showing items related by title, author, creator and subject.
Falby, Naomi; Thompson, Michael F.; Irvine, Cynthia E. (IEEE, 2004-06-00); The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional ...
Guven, Ahmet (Monterey, California. Naval Postgraduate School, 2003-03); Policy based network management has an increasing importance depending on the increasing importance of distributed large networks and the growing number of services that run on them. Policy languages, which enable users ...
Ekin, Tufan (Monterey, California. Naval Postgraduate School, 2002-03); The Path-based Policy Language (PPL) is a formal network policy language for constructing models of Internet service and access control. Seven changes have been made to the LEXER and YACC code of PPL. Five of the changes ...