ABSTRACT
Network policies that offer vital functionalities are often organized in a chain. Current practice either assumes proper policy chains a priori or relies on simple syntax-based input-output analysis. This paper examines and addresses several difficulties with this approach (context-dependent policy interaction, unnecessarily coupled policies, and policies that must be jointly examined) and proposes database integrity constraints as a means towards a finer, semantics-based solution. Built on a unified logical framework to describe and reason about policy chains, our database solution gives (1) criteria that derive a correct policy chain with a more accurate estimate of policy dependency, and (2) criteria that check and obtain atomic policies, the units of policy that are proper for a policy chain.
Index Terms
- Database Criteria for Network Policy Chain