SP
1997
IEEE

Filtering Postures: Local Enforcement for Global Policies

When packet filtering is used as a security mechanism, different routers may need to cooperate to enforce the desired security policy. It is difficult to ensure that they will do so correctly. We introduce a simple language for expressing global network access control policies of a kind that filtering routers are capable of enforcing. We then introduce an algorithm that, given the network topology, will compute a set of filters for the individual routers; these filters are guaranteed to enforce the policy correctly. Since these filters may not provide optimal service, a human must sometimes alter them. A second algorithm compares a resulting set of filters to the global network access control policy to determine all policy violations, or to report that none exist. A prototype implementation demonstrates that the algorithms are efficient enough to give quick answers to questions of realistic scale.
Joshua D. Guttman
Added 06 Aug 2010
Updated 06 Aug 2010
Type Conference
Year 1997
Where SP
Authors Joshua D. Guttman