A New Method for Creating Efficient Security Policies in Virtual Private Network

  • Conference paper

Abstract

IPsec is one of the most important protocols for implementing the tunnels that make up a secure virtual private network. IPsec policies are widely used to limit access to information at security gateways or firewalls. Security policies apply a security treatment (Deny, Allow or Encrypt) to outbound as well as inbound traffic, so it is important that they are configured correctly. The current methods for creating security policies from a given set of security requirements are not efficient enough: they create far more policies than there are requirements. In this paper, we define a new method that decreases the number of security policies adopted for a specific set of security requirements, without any undesirable effect. Our measurements show that security policy creation becomes more efficient and that policy update time decreases.




© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Sadeghi, M.M.G., Mohd Ali, B., Pedram, H., Deghan, M., Sabaei, M. (2009). A New Method for Creating Efficient Security Policies in Virtual Private Network. In: Bertino, E., Joshi, J.B.D. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 10. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03354-4_49

  • DOI: https://doi.org/10.1007/978-3-642-03354-4_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03353-7

  • Online ISBN: 978-3-642-03354-4

  • eBook Packages: Computer Science (R0)
