An Analysis Method of NAC Configuration Conflict Based on Ontology
Proceeding: Third International Conference on Digital Enterprise and Information Systems (DEIS2015)
Publication Date: 2015-04-16
Authors : Wencan Tong; Xiaoyan Liang; Xiaojian Li; Jiejie Zhao; Xuemei Liang;
Page : 46-53
Keywords : Network Access Control; Conflict; Configuration; Ontology; Semantic Web;
Abstract
Network Access Control (NAC) policy might be configured in terms of firewalls, proxies, intrusion prevention systems and user-access policies. These policies may interoperate in the sense that, when defined separately, the access requirements of one may conflict with and/or be redundant with respect to the access requirements of another. It is also unusual to include, in an application policy, infrastructure policy rules that constrain the kinds of application information that different principals may access. Hence, an improperly configured infrastructure may unintentionally hinder the normal operation of an application. This paper proposes an ontology-based analysis method for NAC configuration and gives a corresponding algorithm to automatically represent and generate the semantics of any access control configuration. The analysis method uses ontologies to represent the semantics of the NAC configuration, and uses ontology-based reasoning to analyse conflicts in the NAC configuration. The experimental results show that our method can automatically figure out where conflicts happen in configurations, and identify the conflicting entities and conflicting operations, taking system services and application domains into account.
Last modified: 2015-04-18 14:15:04