@inproceedings{
 title = {Inter-technology conflict analysis for communication protection policies},
 type = {inproceedings},
 year = {2015},
 identifiers = {[object Object]},
 pages = {148-163},
 volume = {8924},
 id = {0bac6a12-b1cf-3d53-b063-0e7e7d2bb80d},
 created = {2020-10-28T14:39:42.901Z},
 file_attached = {false},
 profile_id = {47be63fe-fca0-3f0f-a864-642602926c3f},
 last_modified = {2021-01-23T15:56:18.076Z},
 read = {false},
 starred = {false},
 authored = {true},
 confirmed = {true},
 hidden = {false},
 private_publication = {false},
 abstract = {Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network.},
 bibtype = {inproceedings},
 author = {Basile, Cataldo and Canavese, Daniele and Lioy, Antonio and Valenza, Fulvio},
 booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}
}

{"_id":"ZakaEHseLzCKtgMig","bibbaseid":"basile-canavese-lioy-valenza-intertechnologyconflictanalysisforcommunicationprotectionpolicies-2015","authorIDs":["mWi7vbetNGoNvxDZk","x5vNTEJ4s3raTsibp"],"author_short":["Basile, C.","Canavese, D.","Lioy, A.","Valenza, F."],"bibdata":{"title":"Inter-technology conflict analysis for communication protection policies","type":"inproceedings","year":"2015","identifiers":"[object Object]","pages":"148-163","volume":"8924","id":"0bac6a12-b1cf-3d53-b063-0e7e7d2bb80d","created":"2020-10-28T14:39:42.901Z","file_attached":false,"profile_id":"47be63fe-fca0-3f0f-a864-642602926c3f","last_modified":"2021-01-23T15:56:18.076Z","read":false,"starred":false,"authored":"true","confirmed":"true","hidden":false,"private_publication":false,"abstract":"Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network.","bibtype":"inproceedings","author":"Basile, Cataldo and Canavese, Daniele and Lioy, Antonio and Valenza, Fulvio","booktitle":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)","bibtex":"@inproceedings{\n title = {Inter-technology conflict analysis for communication protection policies},\n type = {inproceedings},\n year = {2015},\n identifiers = {[object Object]},\n pages = {148-163},\n volume = {8924},\n id = {0bac6a12-b1cf-3d53-b063-0e7e7d2bb80d},\n created = {2020-10-28T14:39:42.901Z},\n file_attached = {false},\n profile_id = {47be63fe-fca0-3f0f-a864-642602926c3f},\n last_modified = {2021-01-23T15:56:18.076Z},\n read = {false},\n starred = {false},\n authored = {true},\n confirmed = {true},\n hidden = {false},\n private_publication = {false},\n abstract = {Usually network administrators implement a protection policy by refining a set of (abstract) communication security requirements into configuration settings for the security controls that will provide the required protection. The refinement consists in evaluating the available technologies that can enforce the policy at node and network level, selecting the most suitable ones, and possibly making fine adjustments, like aggregating several individual channels into a single tunnel. The refinement process is a sensitive task which can lead to incorrect or suboptimal implementations, that in turn affect the overall security, decrease the network throughput and increase the maintenance costs. In literature, several techniques exist that can be used to identify anomalies (i.e. potential incompatibilities and redundancies among policy implementations. However, these techniques usually focus only on a single security technology (e.g. IPsec) and overlook the effects of multiple overlapping protection techniques. This paper presents a novel classification of communication protection policy anomalies and a formal model which is able to detect anomalies among policy implementations relying on technologies that work at different network layers. The result of our analysis allows administrators to have a precise insight on the various alternative implementations, their relations and the possibility of resolving anomalies, thus increasing the overall security and performance of a network.},\n bibtype = {inproceedings},\n author = {Basile, Cataldo and Canavese, Daniele and Lioy, Antonio and Valenza, Fulvio},\n booktitle = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}\n}","author_short":["Basile, C.","Canavese, D.","Lioy, A.","Valenza, F."],"bibbaseid":"basile-canavese-lioy-valenza-intertechnologyconflictanalysisforcommunicationprotectionpolicies-2015","role":"author","urls":{},"downloads":2},"bibtype":"inproceedings","creationDate":"2021-01-23T15:56:25.032Z","downloads":2,"keywords":["internet; network layers","network administrator; network throughput; policy implementations; protection techniques; refinement process; security and performance; security technology; suboptimal implementations","network security","policy analysis","vpn"],"search_terms":["inter","technology","conflict","analysis","communication","protection","policies","basile","canavese","lioy","valenza"],"title":"Inter-technology conflict analysis for communication protection policies","year":2015,"biburl":"https://fulviovalenza.github.io/fulvio.valenza//paper/2015SPRO.bib","dataSources":["FSC9dHHwLRGERZR7x"]}