An Editor for Adaptive XML-Based Policy Management of IPsec

Abstract

The IPsec protocol provides a mechanism to enforce a range of security services for both confidentiality and integrity, enabling secure transmission of information across networks. Dynamic parameterization of IPsec, via the KeyNote trust management system, further enables security mechanisms to adjust the level of security services "on-the-fly" to respond to changing network and operational conditions. However, KeyNote requires that an IPsec policy be defined in the KeyNote specification syntax. Defining such a dynamic security policy in the KeyNote Policy Specification language is complicated and can lead to incorrect specification of the desired policy, thus degrading the security of the network. We present an alternative XML representation of this language and a graphical user interface to create and manage a consistent and correct security policy. The interface has the simplicity of a menu-driven editor that not only provides KeyNote with a policy in the specified syntax but also integrates techniques to support administrative policy verification.

Document Details

Document Type: Technical Report
Publication Date: Dec 12, 2003
Accession Number: ADA435401

Entities

People

  • Cynthia E. Irvine
  • Raj Mohan
  • Timothy E. Levin

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Authentication
  • Computer Access Control
  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cryptography
  • Encapsulation
  • Graphical User Interface
  • Language
  • Markup Languages
  • Network Protocols
  • Security Protocols
  • Specifications
  • User Interface
  • XML

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Database Systems and Applications