Abstract
There are many security vulnerabilities in computer systems. They can be easily attacked by outsiders, or abused by insiders who misuse their rights or attack the security mechanisms in order to masquerade as other users or bypass the security controls. Today’s networks consist of a large number of routers and servers running a variety of applications. A policy-based network provides a means by which the management process can be simplified and largely automated. This article describes the modeling and simulation of a security system based on a policy-based network that has some merits. We present how the policy rules are induced from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base), and how the policy rules are transformed into PCIM (Policy Core Information Model). In the network security environment, each simulation model is hierarchically designed using the DEVS (Discrete EVent system Specification) formalism.
This research was supported by the University IT Research Center Project.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Lee, W.Y., Seo, H.S., Cho, T.H. (2005). Modeling of Policy-Based Network with SVDB. In: Kim, T.G. (eds) Artificial Intelligence and Simulation. AIS 2004. Lecture Notes in Computer Science, vol 3397. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30583-5_35
DOI: https://doi.org/10.1007/978-3-540-30583-5_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24476-9
Online ISBN: 978-3-540-30583-5
eBook Packages: Computer Science (R0)