Abstract
The development of complex access control architectures raises the problem of their management. In this article, we describe an architecture providing packet filters automatic configuration in Internet based networks. Our architecture improves existing proposals in three different fields. It suppresses the security officer interactions with the management architecture when topology changes occur thus preventing temporary security holes. Moreover our architecture proposes three optimisations to provide the access control processes with efficient configurations. Simulations show that the complexity of these configurations is close to the complexity found in configurations created by hand. Finally we describe how the notion of access control integrity can be incorporated in our management architecture at a reasonable cost.
| Original language | English |
|---|---|
| Pages (from-to) | 595-608 |
| Number of pages | 14 |
| Journal | Annales des Telecommunications/Annals of Telecommunications |
| Volume | 56 |
| Issue number | 9-10 |
| Publication status | Published - 1 Jan 2001 |
| Externally published | Yes |
Keywords
- Distributed system
- Filtering
- Integrity
- Internet
- Network architecture
- Network management
- Network router
- Packet transmission
- Simulation
- Telecommunication network