USENIX Technical Program - Abstract - 13th Systems Administration Conference

USENIX Technical Program - Abstract - 13th Systems Administration Conference - LISA '99

Managing Security in Dynamic Networks

Alexander V. Konstantinou, Yechiam Yemini, Columbia University; Sandeep Bhatt, and S. Rajagopalan, Telcordia Technologies (formerly Bellcore)

Abstract

This paper describes our initial steps towards self-configuring mechanisms for automating high-level security and service policies in dynamic networks. We build on the NESTOR system developed at Columbia University for instrumenting and monitoring constraints on network elements and services such as DHCP, DNS zones, host-based access controls, firewalls, and VLAN switches.

Current paradigms for configuration management require that changes be propagated either manually or via low-level scripts suited to static networks. Our longer-term goal is to provide fully automated techniques which work for dynamic networks in which changes are frequent and often unanticipated. Automated approaches, such as ours, are the only viable solution for global and dynamic networks and services. In this paper, we focus on one specific scenario to illustrate our ideas: providing transparent and secure access to selected services from a mobile laptop. The challenge is that reconfiguration must satisfy the security policies of two independent corporate networks.

View the full text of this paper in HTML form, PDF form, and PostScript form.
If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
To become a USENIX Member, please see our Membership Information.

Need help? Use our Contacts page.

Last changed: 13 Feb 2002 ml

Technical Program

Conference index

USENIX home