Modeling of Policy-Based Network with SVDB

  • Won Young Lee
  • Hee Suk Seo
  • Tae Ho Cho
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3397)


There are many security vulnerabilities in computer systems. They can be easily attacked by outsiders or abused by insiders who misuse their rights or who attack the security mechanisms in order to disguise as other users or to detour the security controls. Today’s network consists of a large number of routers and servers running a variety of applications. Policy-based network provides a means by which the management process can be simplified and largely automated. This article describes the modeling and simulation of a security system based on a policy-based network that has some merits. We present how the policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base) are inducted, and how the policy rules are transformed into PCIM (Policy Core Information Model). In the network security environment, each simulation model is hierarchically designed by DEVS (Discrete EVent system Specification) formalism.


Security Policy PBNM (Policy-based Network Management) network security DEVS formalism simulation Data Mining 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Changkun, W.: Policy-based network management. In: WCC-ICCT 2000, International Conference on Communication Technology Proceeding, August 2000, vol. 1, pp. 101–105 (2000)Google Scholar
  2. 2.
    Verma, D.C.: Simplifying network administration using policy-based management. Network 16, 20–26 (2002)Google Scholar
  3. 3.
    Cohen, F.: Simulating Cyber Attacks, Defences, and Consequences. Computer & Security 18, 479–518 (1999)CrossRefGoogle Scholar
  4. 4.
    Verna, D.C.: Policy-Based Networking: Architecture and Algorithm. New Rider (2001)Google Scholar
  5. 5.
    Kosiur, D.: Understanding Policy-Based Networking. John Wiley & Sons, Inc., Chichester (2001)Google Scholar
  6. 6.
    Moore, B., et al.: Policy Core Information Model-Version 1 Specification. IETF RFC 3060 (February 2000)Google Scholar
  7. 7.
    Zwicky, E.D., Cooper, S., Chapman, D.B.: Building Internet Firewalls, 2nd edn. O’reilly & Associates, Sebastopol (2000)Google Scholar
  8. 8.
    Zeigler, B.P., Praehofer, H., Kim, T.G.: Theory of modeling and simulation: Integrating discrete event and continuous complex dynamic system. Academic Press, San Diego (2000)Google Scholar
  9. 9.
    Moore, B., et al.: Policy Core Information Model (PCIM) Extensions. IETF RFC 3460 (January 2003)Google Scholar
  10. 10.
    NIST, An Introduction to Computer Security : The NIST Handbook. Technology Adminstration, U.S.A (1995) Google Scholar
  11. 11.
    Bishop, M.: Vulnerablities Analysis. In: Proceedings of the Recent Advances in Intrusion Detection, pp. 125–136 (1999)Google Scholar
  12. 12.
    Martin, R.A.: Managing Vulnerabilities in Networked Systems. IEEE Computer 34(11), 32–38 (2001)Google Scholar
  13. 13.
    ICAT Metabase Zhengxin Chen. In: Data Mining And Uncertain Reasoning: An Integrated Approach, John Wiley & Sons, Chichester (2001),

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Won Young Lee
    • 1
  • Hee Suk Seo
    • 1
  • Tae Ho Cho
    • 1
  1. 1.School of Information and Communications EngineeringSungkyunkwan University 

Personalised recommendations