Reconciling Multiple IPsec and Firewall Policies

Aura, Tuomas; Becker, Moritz; Roe, Michael; Zieliński, Piotr

doi:10.1007/978-3-642-17773-6_9

Reconciling Multiple IPsec and Firewall Policies

Tuomas Aura¹⁹,
Moritz Becker¹⁹,
Michael Roe¹⁹ &
…
Piotr Zieliński¹⁹

Conference paper

482 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5964))

Abstract

Manually configuring large firewall policies can be a hard and error-prone task. It is even harder in the case of IPsec policies that can specify IP packets not only to be accepted or discarded, but also to be cryptographically protected in various ways. However, in many cases the configuration task can be simplified by writing a set of smaller, independent policies that are then reconciled consistently. Similarly, there is often the need to reconcile policies from multiple sources into a single one. In this paper, we discuss the issues that arise in combining multiple IPsec and firewall policies and present algorithms for policy reconciliation.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Johnson, D.B., Perkins, C., Arkko, J.: Mobility support in IPv6. RFC 3775, IETF Mobile IP Working Group (2004)
Google Scholar
Kent, S., Seo, K.: Security architecture for the Internet Protocol. RFC 4301, IETF (2005)
Google Scholar
Arrow, K.J.: Social Choice and Individual Values. Yale University Press, New Haven (1970)
MATH Google Scholar
Guttman, J.D., Herzog, A.L.: Rigorous automated network security management. International Journal of Information Security 4(1-2) (2005)
Google Scholar
Hamed, H.H., Al-Shaer, E.S., Marrero, W.: Modeling and verification of IPSec and VPN security policies. In: 13th IEEE International Conference on Network Protocols (ICNP 2005), pp. 259–278 (2005)
Google Scholar
Liu, A.X., Gouda, M.G.: Complete redundancy detection in firewalls. In: Jajodia, S., Wijesekera, D. (eds.) Data and Applications Security 2005. LNCS, vol. 3654, pp. 196–209. Springer, Heidelberg (2005)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Microsoft Research, USA
Tuomas Aura, Moritz Becker, Michael Roe & Piotr Zieliński

Authors

Tuomas Aura
View author publications
You can also search for this author in PubMed Google Scholar
Moritz Becker
View author publications
You can also search for this author in PubMed Google Scholar
Michael Roe
View author publications
You can also search for this author in PubMed Google Scholar
Piotr Zieliński
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Computer Science Department, University of Hertfordshire, AL10 9AB, Hatfield, UK
Bruce Christianson & James A. Malcolm &
University of Trento, Trento, Italy
Bruno Crispo
Microsoft Research Ltd.,, Roger Needham Building, 7 JJ Thomson Avenue, CB3 0FB, Cambridge, UK
Michael Roe

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Aura, T., Becker, M., Roe, M., Zieliński, P. (2010). Reconciling Multiple IPsec and Firewall Policies. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2007. Lecture Notes in Computer Science, vol 5964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17773-6_9

Download citation

DOI: https://doi.org/10.1007/978-3-642-17773-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17772-9
Online ISBN: 978-3-642-17773-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics