Quite often attacks are enabled by misconfigurations caused by human error. Policy-based network management has been proposed to cope with this problem: goals are expressed as high-level rules that are then translated into low-level configurations for network devices. While the concept is clear, there is a lack of tools supporting this strategy. We propose an ontology-based policy translation approach that mimics the behaviour of expert administrators, without their mistakes. We use ontologies to represent the domain knowledge and then perform reasoning (based on best practice rules) to create the configurations for network-level security controls (e.g., firewalls and secure channels). If some information is missing from the ontology, the administrator is guided to provide the missing data. The configurations generated by our approach are represented in a vendor-independent format and therefore can be used with several real devices. © Springer-Verlag Berlin Heidelberg 2009.
CITATION STYLE
Basile, C., Lioy, A., Scozzi, S., & Vallini, M. (2009). Ontology-based policy translation. In Advances in Intelligent and Soft Computing (Vol. 63 AISC, pp. 117–126). https://doi.org/10.1007/978-3-642-04091-7_15