Ehab Al-Shaer, Ph.D., "Toward Autonomic Security Policy Management"
CERIAS Weekly Security Seminar - Purdue University
English - August 23, 2006 20:30 - 197 MB Video - ★★★★ - 6 ratingsTechnology Education Courses infosec security video seminar cerias purdue information sfs research education Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
The assurance of network security is dependent not only on the
protocols but also on polices that determine the functional
behavior of network security devices. Network security devices such
as Firewalls, IPSec gateways, IDS/IPS operate based on locally
configured access control policies. However, the complexity of
managing security polices, particularly in enterprise networks,
poses many challenges for deploying effective security. For
example, security policies are usually configured in isolation from
each other, even though they are not necessarily independent as
they interact with each other to form the global security policy.
As a result of such ad-hoc management, policy inconsistencies and
network vulnerability are created. In addition security policy
might grow in size causing a significant performance overhead in
security devices. A major performance gain can be achieved if
policies can be dynamic optimized to adapt to traffic properties
(called traffic-aware policy optimization). This talk will explain
these challenges and present the recent research results in the
area of automated verification, and optimization of network
security polices.