Abstract

Network Access Control requirements are typically implemented in practice as a series of heterogeneous security-mechanism-centric policies that span system services and application domains. For example, a Network Access Control (NAC) policy might be configured in terms of firewall, proxy, intrusion prevention and user-access policies. While defined separately, these policies may interoperate in the sense that the access requirements of one may conflict and/or be redundant with respect to the access requirements of another policy. Thus, managing a large number of distinct policies becomes a major challenge in terms of deploying and maintaining a meaningful and consistent configuration. It is argued that the Semantic Web—an architecture that supports the formal representation, reasoning and sharing of heterogeneous domain knowledge—provides a natural solution to this challenge. A risk-based approach to configuring interoperating policies is described. Each NAC mechanism has an ontology that is used to represent its configuration. This heterogeneous and interoperating policy knowledge is unified with higher-level business (risk) rules, providing a single (extensible) ontology that supports reasoning across the different NAC policy configurations.
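As an added illustration (not code from the paper or its authors), the following Python sketch models the approach the abstract describes: firewall and proxy rules written in their own vocabularies are mapped onto one shared access-requirement concept, tagged with a business risk class, and then checked across mechanisms for conflicting and redundant requirements. All rule data, resource names, vocabulary mappings and risk classes are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class AccessRequirement:
    """Shared concept every mechanism-specific rule is mapped onto (constructed)."""
    mechanism: str   # which NAC mechanism stated it
    subject: str     # source network (CIDR)
    resource: str    # destination service
    action: str      # protocol/port, e.g. "tcp/80"
    decision: str    # "allow" or "deny"
    risk: str        # business risk class of the resource

# Constructed sample policies, each in its mechanism's own vocabulary.
FIREWALL_RULES = [
    {"src": "10.0.0.0/8", "dst": "intranet", "port": "tcp/80", "target": "ACCEPT"},
    {"src": "10.1.0.0/16", "dst": "intranet", "port": "tcp/80", "target": "ACCEPT"},
    {"src": "10.0.0.0/8", "dst": "payroll", "port": "tcp/443", "target": "ACCEPT"},
]
PROXY_RULES = [
    {"client": "10.1.0.0/16", "site": "intranet", "scheme": "http", "verdict": "block"},
    {"client": "10.2.0.0/16", "site": "payroll", "scheme": "https", "verdict": "block"},
]
# Higher-level business (risk) rules and vocabulary mappings that unify the two.
RESOURCE_RISK = {"intranet": "low", "payroll": "high"}
SCHEME_TO_PORT = {"http": "tcp/80", "https": "tcp/443"}
RISK_ORDER = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

def unify():
    """Map every mechanism-specific rule onto the shared ontology concept."""
    reqs = []
    for r in FIREWALL_RULES:
        reqs.append(AccessRequirement("firewall", r["src"], r["dst"], r["port"],
                    "allow" if r["target"] == "ACCEPT" else "deny",
                    RESOURCE_RISK.get(r["dst"], "unknown")))
    for r in PROXY_RULES:
        reqs.append(AccessRequirement("proxy", r["client"], r["site"], SCHEME_TO_PORT[r["scheme"]],
                    "deny" if r["verdict"] == "block" else "allow",
                    RESOURCE_RISK.get(r["site"], "unknown")))
    return reqs

def covers(a, b):
    """True if a applies to all traffic b applies to (same resource/action, wider subject)."""
    return (a.resource == b.resource and a.action == b.action
            and ip_network(b.subject).subnet_of(ip_network(a.subject)))

def find_conflicts(reqs):
    """Cross-mechanism pairs over overlapping traffic with opposite decisions, highest risk first."""
    pairs = [(a, b) for i, a in enumerate(reqs) for b in reqs[i + 1:]
             if a.mechanism != b.mechanism and a.decision != b.decision
             and (covers(a, b) or covers(b, a))]
    return sorted(pairs, key=lambda p: RISK_ORDER[p[0].risk])

def find_redundant(reqs):
    """Requirements whose traffic and decision are already covered by another requirement."""
    return [b for a in reqs for b in reqs if a is not b and a.decision == b.decision and covers(a, b)]
```

Running `find_conflicts(unify())` surfaces the payroll disagreement first because the risk rule ranks that resource high, which is the kind of risk-driven prioritisation the abstract argues for.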
