Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

  • Conference paper
Autonomic Principles of IP Operations and Management (IPOM 2006)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 4268)

Abstract

The challenge for autonomic network management is the provision of future network management systems that have the characteristics of self-management, self-configuration, self-protection and self-healing, in accordance with the high-level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand fundamental underlying issues in self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are securely configured are connected together (in an apparently secure manner), a configuration cascade can occur, resulting in a mis-configured network. This has implications for the design of self-configuring systems, and we discuss how a soft constraint-based framework can provide a solution.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Foley, S.N., Fitzgerald, W., Bistarelli, S., O’Sullivan, B., Foghlú, M.Ó. (2006). Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration. In: Parr, G., Malone, D., Ó Foghlú, M. (eds) Autonomic Principles of IP Operations and Management. IPOM 2006. Lecture Notes in Computer Science, vol 4268. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908852_15

  • DOI: https://doi.org/10.1007/11908852_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47701-3

  • Online ISBN: 978-3-540-47702-0

  • eBook Packages: Computer Science (R0)
