Modeling of Policy-Based Network with SVDB
Computer systems contain many security vulnerabilities. They can easily be attacked by outsiders, or abused by insiders who misuse their rights or attack the security mechanisms in order to masquerade as other users or bypass the security controls. Today’s networks consist of a large number of routers and servers running a variety of applications. Policy-based networking provides a means by which the management process can be simplified and largely automated. This article describes the modeling and simulation of a security system based on a policy-based network, an approach that has some merits. We present how policy rules are induced from the vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base), and how those policy rules are transformed into PCIM (Policy Core Information Model). In the network security environment, each simulation model is designed hierarchically using the DEVS (Discrete EVent system Specification) formalism.
Keywords: Security Policy, PBNM (Policy-based Network Management), network security, DEVS formalism, simulation, Data Mining