A Study on Hierarchical Policy Model for Managing Heterogeneous Security Systems

  • DongYoung Lee
  • Sung-Soo Ahn
  • Minsoo Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6785)


Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we defined the hierarchical policy model and the detection algorithm of policy conflict for managing heterogeneous firewall systems. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. With the process of the detection and resolution for policy conflict, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large network.


Security Policy Security Management Policy Conflict Permit Policy Server Permit 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    An Introduction to Computer Security: The NIST Handbook, NIST Special Publication 800-12 (January 1)Google Scholar
  2. 2.
    A Study on the Development of Countermeasure Technologies against Hacking and Intrusion in Computer Network Systems, KISA final development report (January 1999) Google Scholar
  3. 3.
    Cheswick, W.R., Bellovin, S.M.: Firewalls and Internet Security: repelling the willy hacker. Addison-Wesley, Reading (1994)zbMATHGoogle Scholar
  4. 4.
    ISO 7498-2, Information processing systems-Open Systems Interconnection – Basic Reference Model—Part 2: Security Architecture Google Scholar
  5. 5.
    Lee, D.Y., Kim, D.S., Pang, K.H., Kim, H.S., Chung, T.M.: Web-based integrated security management system using SNMP. KNOM Review 2(1), 1167–1171 (1999)Google Scholar
  6. 6.
    Lee, D.Y., Kim, D.S., Pang, K.H., Kim, H.S., Chung, T.M.: A Design of Scalable SNMP Agent for Managing Heterogeneous Security Systems. In: NOMS, April 10-15 (2000)Google Scholar
  7. 7.
    Kim, K.H., Kim, D.S., Chung, T.M.: The Firewall Selection Algorithm for Integrated Security Management. In: Proceedings of The International Conference on Information Networking(ICOIN), February 2003, vol. II, pp. 940–949 (2003)Google Scholar
  8. 8.
    Kim, Y., Song, E.: Privacy-aware Role Based Access Control Model: Revisited for Multi-Policy Conflict Detection (2010)Google Scholar
  9. 9.
    Moffett, J., Sloman, M.S.: Policy Conflict Analysis in Distributed System Management. Journal of Organizational Computing 4(1), 1–22 (1994)CrossRefGoogle Scholar
  10. 10.
    Lupu, E.C., Sloman, M.: Conflicts in Policy-Based Distributed Systems Management. Journal of IEEE Transaction on Software Engineering 25(6), 852–869 (1999)CrossRefGoogle Scholar
  11. 11.
    Lupu, E., Sloman, M.: Conflict Analysis for Management Policies. In: International Symposium on Integrated Network Management IM 1997, pp. 430–443 (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • DongYoung Lee
    • 1
  • Sung-Soo Ahn
    • 1
  • Minsoo Kim
    • 2
  1. 1.Dept. of Information and CommunicationMyong-ji CollegeSeoulKorea
  2. 2.Agency for Defense Development 3rd System Development Center, MEP System, DevelopmentDaejeonKorea

Personalised recommendations