• Title/Summary/Keyword: Policy-based Network Management

Search Result 622, Processing Time 0.032 seconds

Detection and Recovery of Policy Conflicts in Policy-based Network Management Systems (정책기반 네트워크 관리 시스템의 정책 충돌 탐지 및 복구)

  • Lee, Kyu-Woong
    • Journal of Information Technology Services
    • /
    • v.6 no.2
    • /
    • pp.177-188
    • /
    • 2007
  • Policy-based Network Management (PBNM) has been presented as a paradigm for efficient and customizable management systems. The approach chosen is based on PBNM systems, which are a promising and novel approach to network management. These systems have the potential to improve the automation of network management processes. The Internet Engineering Task Force (IETF) has also used policy concepts and provided a framework to describe the concept as the Policy Core Information Model (PCIM) and its extensions. There are policy conflicts among the policies that are defined as the policy information model and they are not easily and effectively detected and resolved. In this paper, we present the brief description of PBNM and illustrate the concepts of policy core information model and its policy implementation for a network security. Especially we describe our framework for detecting and resolving the policy conflicts for network security.

ADesign and Implementation of Policy-based Network Management System for Internet QoS Support Mobile IP Networks (인터넷 QoS 지원 이동 IP 망에서의 정책기반 망 관리 시스템 설계 및 구현)

  • 김태경;강승완;유상조
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.2B
    • /
    • pp.192-202
    • /
    • 2004
  • In this paper we have proposed policy-based network management system architecture for Internet QoS support Mobile IP networks that is divided into four layers(application layer, information management layer, policy control layer, device layer), then we propose an implementation strategy of policy-based network management system to enforce various control and network management operations and a model of policy server using SCOPS(Simple Common Open Policy Service) protocol that is developed in this research. For policy-based mobile IP network management system implementation, we have derived four policy classes(access control, mobile IP operation, QoS control, and network monitoring) and we showed operation procedures for each policy scenarios. Finally we have implemented Internet QoS support policy-based mobile IP network testbed and management system and verified out DiffServ policy enforcement behaviors for a target class service that is arranged a specific bandwidth on network congestion conditions.

The Implementation of Policy Management Tool Based on Network Security Policy Information Model (네트워크 보안 정책 정보 모델에 기반한 정책 관리 도구의 구현)

  • Kim, Geon-Lyang;Jang, Jong-Soo;Sohn, Sung-Won
    • The KIPS Transactions:PartC
    • /
    • v.9C no.5
    • /
    • pp.775-782
    • /
    • 2002
  • This paper introduces Policy Management Tool which was implemented based on Policy Information Model in network suity system. Network security system consists of policy terror managing and sending policies to keep a specific domain from attackers and policy clients detecting and responding intrusion by using policies that policy server sends. Policies exchanged between policy server and policy client are saved in database in the form of directory through LDAP by using Policy Management Tool based on network security policy information model. NSPIM is an extended policy information model of IETF's PCIM and PCIMe, which enables network administrator to describe network security policies. Policy Management Tool based on NSPIM provides not only policy management function but also editing function using reusable object, automatic generation function of object name and blocking policy, and other convenient functions to user.

Concept of the Cloud Type Virtual Policy Based Network Management Scheme for the Whole Internet

  • Kazuya, Odagiri;Shogo, Shimizu;Naohiro, Ishii
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.1
    • /
    • pp.71-77
    • /
    • 2023
  • In the current Internet system, there are many problems using anonymity of the network communication such as personal information leaks and crimes using the Internet system. This is why TCP/IP protocol used in Internet system does not have the user identification information on the communication data, and it is difficult to supervise the user performing the above acts immediately. As a study for solving the above problem, there is the study of Policy Based Network Management (PBNM). This is the scheme for managing a whole Local Area Network (LAN) through communication control for every user. In this PBNM, two types of schemes exist. As one scheme, we have studied theoretically about the Destination Addressing Control System (DACS) Scheme with affinity with existing internet. By applying this DACS Scheme to Internet system management, we will realize the policy-based Internet system management. In this paper, to realize it, concept of the Internet PBNM Scheme is proposed as the final step.

The Proposal of Security Management Architecture using Programmable Networks Technology

  • Kim, Myung-Eun;Seo, Dong-Il;Lee, Sang-Ho
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2004.08a
    • /
    • pp.926-931
    • /
    • 2004
  • In this paper, we proposed security management architecture that combines programmable network technology and policy based network management technology to manage efficiently heterogeneous security systems. By using proposed security management architecture, a security administrator can manage heterogeneous security systems using security policy, which is automatically translated into a programmable security policy and executed on programmable middleware of security system. In addition, programmable middleware that has the features of programmable network can reduce excessive management traffic. We showed that the programmable middleware could reduce the load of management traffic by comparing processing time between the proposed architecture and PBNM architecture.

  • PDF

Modeling and Simulation of Policy-based Network Security

  • Lee, Won-young;Cho, Tae-ho
    • Proceedings of the KAIS Fall Conference
    • /
    • 2003.11a
    • /
    • pp.155-162
    • /
    • 2003
  • Today's network consists of a large number of routers and servers running a variety of applications. Policy-based network provides a means by which the management process can be simplified and largely automated. In this paper we build a foundation of policy-based network modeling and simulation environment. The procedure and structure for the induction of policy rules from vulnerabilities stored in SVDB (Simulation based Vulnerability Data Base) are developed. The structure also transforms the policy rules into PCIM (Policy Core Information Model). The effect on a particular policy can be tested and analyzed through the simulation with the PCIMs and SVDB.

  • PDF

Architecture of Policy-Based Network Management for Providing Internet Differentiated Service on Mobile IP Environment (이동 IP 환경에서 인터넷 차별화 서비스 제공을 위한 정책기반 네트워크 관리 구조)

  • 강승완;김태경;유상조
    • Journal of Korea Multimedia Society
    • /
    • v.7 no.5
    • /
    • pp.721-736
    • /
    • 2004
  • Because of increasing the notebook computer and PDA, users' requirement with respect to mobility is growing more and more. However, current IP protocol is not changed IP address and can not deliver IP packets on new location of host in case moving another network. To solve this problem, the IETF has proposed mobile IP. Today users want to be provided suitable QoS in the internet since demand of services is variety. The policy-based network management is method which can solve various problems of QoS, security, and complication of management in IP networks. This paper presents the network topology constitution, operation procedure and architecture of policy-based network management for providing internet DiffServ on mobile IP environment. In this paper we propose policy classes of policy-based DiffServ network management on mobile environment and create policy scenarios using the proposed policy description language to represent the policy classes. Finally, we implemented a policy-based DiffServ network management system on mobile IP environment.

  • PDF

Policy-based Network Security with Multiple Agents (ICCAS 2003)

  • Seo, Hee-Suk;Lee, Won-Young;Yi, Mi-Ra
    • 제어로봇시스템학회:학술대회논문집
    • /
    • 2003.10a
    • /
    • pp.1051-1055
    • /
    • 2003
  • Policies are collections of general principles specifying the desired behavior and state of a system. Network management is mainly carried out by following policies about the behavior of the resources in the network. Policy-based (PB) network management supports to manage distributed system in a flexible and dynamic way. This paper focuses on configuration management based on Internet Engineering Task Force (IETF) standards. Network security approaches include the usage of intrusion detection system to detect the intrusion, building firewall to protect the internal systems and network. This paper presents how the policy-based framework is collaborated among the network security systems (intrusion detection system, firewall) and intrusion detection systems are cooperated to detect the intrusions.

  • PDF

Study on ″Policy-based Network service Management System for DEN″ (DEN 서비스를 위한 PBNM 개발)

  • 전준현;백성혁;구태원
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.41 no.4
    • /
    • pp.1-10
    • /
    • 2004
  • In NGNs(Next Generation Networks), It is necessary for Integrated management of resource and information to satisfy high-quality users'demands, such as stable speed, guarantee of high level service and service requirement in various fields. In relation to this, technology for efficiently using limited resources is becoming interesting things more and more. Therefore policy of network service is dealt essentially. Recently, DEN(Directory Enabled Network)-based personalization service is user-dependent services in NGNs, and integrated management and efficient use of limited resources. Also, PBNM(Policy-Based Network Management) is new technology defined and applied by policies of communication service environments and users on demand. Subsequently to study on how to optimizing the PBNM is of great importance. In this paper, we propose a technology of the PBNM based on DEN standardized in DMTF(Distributed Management Task Force).

A study on the Application of Policy-Based Networking for QoS in The Defense Information System (국방정보체계의 서비스 품질(QoS) 보장을 위한 정책기반(Policy-Based)네트워킹 적용에 관한 연구)

  • 김광영;이승종
    • Journal of the military operations research society of Korea
    • /
    • v.29 no.1
    • /
    • pp.57-75
    • /
    • 2003
  • Policy-based networking offers a network manager the ability to manage the network in a holistic and dynamic fashion rather than force a network manager to manage the network by dealing with each device individually. Policy-based networking is focusing on users and applications instead of emphasizing devices and interfaces. An important part of the policy-based networking is to simplify the task of administration and management for different disciplines. The Defense Information System(DIS) of today are complex and heterogeneous systems. Operational needs are not a trivial task and Quality of Service(QoS) is not generally guaranteed. So, important data may be missed or congested by trivial data. Policy-based networking provide a way to support QoS and simplify the management of multiple devices deploying complex technologies. This paper suggest implementation of policy-based networking in DIS to improvement of performance, and implementation is progressed step by step. Especially this paper is focusing on the providing QoS with policy-based networking using Lightweight Directory Access Protocol(LDAP) Server.