Managing Security in Dynamic Networks

USENIX Lisa'99 Paper & Presentation

Alexander V. Konstantinou
Yechiam Yemini
DCC Laboratory
Columbia University
{akonstan, yemini}

Sandeep Bhatt
S. Rajagopalan
Telcordia Technologies (formerly Bellcore)
{bhatt, sraj}


This paper describes our initial steps towards self-configuring mechanisms for automating high-level security and service policies in dynamic networks. We build on the NESTOR system developed at Columbia University for instrumenting and monitoring constraints on network elements and services such as DHCP, DNS zones, host-based access controls, firewalls, and VLAN switches.

Current paradigms for configuration management require that changes be propagated either manually or via low-level scripts suited to static networks. Our longer-term goal is to provide fully automated techniques that work for dynamic networks in which changes are frequent and often unanticipated. Automated approaches, such as ours, are the only viable solution for global and dynamic networks and services. In this paper, we focus on one specific scenario to illustrate our ideas: providing transparent and secure access to selected services from a mobile laptop. The challenge is that the reconfiguration must satisfy the security policies of two independent corporate networks.

Slides: [ Adobe PDF (50 K) ] [ Postscript (122 K) ] [ HTML (151 K) ]
Handouts (6 per page): [ Adobe PDF (44 K) ] [ Postscript (125 K) ]
Paper: [ Adobe PDF (302 K) ] [ Postscript (369 K) ] [ Compressed Postscript (125 K) ]

Last modified: 1999/11/22 20:42:56