Abstract
Network Access Control requirements are typically implemented in practice as a series of heterogeneous security-mechanism-centric policies that span system services and application domains. For example, a Network Access Control policy might be configured in terms of firewall, proxy, intrusion prevention and user access policies. While defined separately, these security policies may interoperate in the sense that the access requirements of one may conflict and/or be redundant with respect to the access requirements of another. Thus, managing a large number of distinct policies becomes a major challenge in terms of deploying and maintaining a meaningful and consistent configuration. It is argued that employing techniques of the Semantic Web (an architecture that supports the formal representation, reasoning and sharing of heterogeneous domain knowledge) provides a natural approach to solving this challenge. A risk-based approach to configuring interoperable Network Access Control policies is described. Each Network Access Control mechanism has an ontology that is used to represent its configuration. This knowledge is unified with higher-level business (risk) rules, providing a single (extensible) ontology that supports reasoning across the different Network Access Control policy configurations.
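The abstract describes reasoning over a unified representation of separately defined Network Access Control policies to find conflicts, redundancies and violations of higher-level risk rules. The following is an added illustration written for this page; it is not code from the paper and uses a plain Python data model rather than a Semantic Web ontology. The rule fields (mechanism, source, destination, port, action), first-match semantics within a mechanism, the business-level "high-risk zone" rule and all sample rules are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class AccessRule:
    """One rule from one NAC mechanism, normalised into a shared vocabulary (assumed schema)."""
    mechanism: str        # e.g. "firewall", "proxy"
    src: str              # CIDR of the traffic source
    dst: str              # CIDR of the traffic destination
    port: Optional[int]   # destination port, None meaning any port
    action: str           # "allow" or "deny"

def covers(outer: AccessRule, inner: AccessRule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and (outer.port is None or outer.port == inner.port))

def overlaps(a: AccessRule, b: AccessRule) -> bool:
    """True when at least one packet is matched by both rules."""
    return (ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and (a.port is None or b.port is None or a.port == b.port))

def find_conflicts(rules: List[AccessRule]) -> List[Tuple[AccessRule, AccessRule]]:
    """Rules from different mechanisms that decide overlapping traffic differently."""
    return [(a, b) for a, b in combinations(rules, 2)
            if a.mechanism != b.mechanism and a.action != b.action and overlaps(a, b)]

def find_redundancies(rules: List[AccessRule]) -> List[Tuple[AccessRule, AccessRule]]:
    """Within one mechanism (first-match order assumed), rules fully shadowed by an
    earlier rule with the same action; returns (redundant_rule, covering_rule)."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.mechanism == later.mechanism and earlier.action == later.action
                    and covers(earlier, later)):
                found.append((later, earlier))
                break
    return found

def find_risk_violations(rules: List[AccessRule], high_risk_zones: List[str]) -> List[AccessRule]:
    """Business-level rule (assumed): no mechanism may allow traffic into a high-risk zone."""
    return [r for r in rules if r.action == "allow"
            and any(ip_network(r.dst).overlaps(ip_network(z)) for z in high_risk_zones)]

# Constructed sample configuration: two mechanisms, unified into one rule set.
SAMPLE_RULES = [
    AccessRule("firewall", "10.0.0.0/8",    "192.168.1.0/24", 443,  "allow"),
    AccessRule("firewall", "10.0.1.0/24",   "192.168.1.0/24", 443,  "allow"),  # shadowed by the rule above
    AccessRule("proxy",    "10.0.0.0/8",    "192.168.1.0/24", 443,  "deny"),   # contradicts the firewall
    AccessRule("firewall", "10.0.0.0/8",    "203.0.113.0/24", None, "allow"),  # into a high-risk zone
]
HIGH_RISK_ZONES = ["203.0.113.0/24"]  # constructed example zone

if __name__ == "__main__":
    for a, b in find_conflicts(SAMPLE_RULES):
        print("conflict:", a, "vs", b)
    for red, cov in find_redundancies(SAMPLE_RULES):
        print("redundant:", red, "covered by", cov)
    for r in find_risk_violations(SAMPLE_RULES, HIGH_RISK_ZONES):
        print("risk violation:", r)
```

The point of normalising every mechanism's rules into one schema is that the three checks run once over the whole configuration instead of per mechanism; an ontology-based version replaces the dataclass with shared classes and the functions with inference rules, but the questions asked are the same.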
Original language | English |
---|---|
Pages (from-to) | 99-117 |
Journal | Journal of Research and Practice in Information Technology |
Volume | 41 |
Issue number | 2 |
Publication status | Published - 2009 |
Keywords
- Security Configuration
- Network Access Control
- Ontology
- Risk
- Semantic Web