Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

  • Simon N. Foley
  • William Fitzgerald
  • Stefano Bistarelli
  • Barry O’Sullivan
  • Mícheál Ó Foghlú
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4268)


The challenge for autonomic network management is the provision of future network management systems that have the characteristics of self-management, self-configuration, self-protection and self-healing, in accordance with the high level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand fundamental underlying issues in self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are securely configured are connected together (in an apparently secure manner), a configuration cascade can occur resulting in a mis-configured network. This has implications for the design of self-configuring systems and we discuss how a soft constraint-based framework can provide a solution.


Keywords: Constraint Satisfaction Problem; Secure Network; Autonomic Computing; Network Management System; High Level Objective
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Simon N. Foley (1)
  • William Fitzgerald (2)
  • Stefano Bistarelli (4, 5)
  • Barry O’Sullivan (1, 3)
  • Mícheál Ó Foghlú (2)

  1. Department of Computer Science, University College Cork, Ireland
  2. Waterford Institute of Technology, Ireland
  3. Cork Constraint Computation Centre, University College Cork, Ireland
  4. Dipartimento di Scienze, Università “G. D’Annunzio” di Chieti-Pescara, Italy
  5. Istituto di Informatica e Telematica, CNR, Pisa, Italy
