
Research On Algorithm Of IPSec Security Policy Conflicts Detection

Posted on: 2008-04-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Cui
Full Text: PDF
GTID: 2178360272469096
Subject: Computer system architecture

Abstract/Summary:
IPSec has been proposed to provide integrity, confidentiality and authentication for data communications over IP networks. However, the complex semantics of IPSec policies significantly increases the potential for policy misconfiguration and thereby for insecure transmission. Even an expert may not identify all of the conflicts that result from policy misconfiguration, so an in-depth analysis of policy conflict detection is necessary.

A model that represents IPSec policy semantics using Boolean expressions is built to analyse policy relationships. IPSec security policy conflicts may exist in the access control lists and encryption lists of a single IPSec device, or between different IPSec devices. Within one IPSec device, the types of conflict in access control lists are shadowing-conflict, redundancy-conflict, correlation-conflict and exception-conflict, while the types of conflict in encryption lists are session-overlapping-conflict and more-protection-conflict. Between different IPSec devices, the types of conflict in access control lists are denying-conflict, permitting-conflict and protecting-conflict, while conflicts in encryption lists are of the same types as within a single device. The conditions under which IPSec policy conflicts occur are described formally.

An IPSec security policy tree is built for the automatic detection of policy conflicts. Algorithms based on the IPSec security policy model and the classification of IPSec security conflicts detect the conflicts that may exist in an IPSec security policy. Whenever a new rule is inserted, the security policy tree is traversed to verify whether the conflict conditions are satisfied, and the type and position of any conflict are reported. The complexity analysis of the algorithms and the results of a series of experiments indicate that the algorithms are usable for detecting IPSec security policy conflicts. The algorithms can guarantee the consistency of the IPSec security policy and so avoid the network security threats that conflicts would cause.
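The abstract describes classifying the relationship between a newly inserted rule and each earlier rule, and reporting the conflict type and position. The following Python is an added illustration written for this page, not code from the thesis: it models each rule's selectors as integer ranges so that "does rule A match a subset of rule B" becomes a Boolean test, and it classifies the four single-device access-control-list conflict types named above. The precise definitions used (shadowing: new rule is fully covered by an earlier rule with a different action; redundancy: fully covered with the same action; exception: new rule generalises an earlier rule with a different action; correlation: partial overlap with a different action) are the standard ACL anomaly definitions and are an assumption, since the abstract does not spell them out. The rules and the flat list in place of the thesis's policy tree are constructed sample data.

```python
"""Illustrative IPSec ACL conflict check on rule insertion (added example).

Assumptions (not from the thesis): selectors are inclusive integer ranges
over (src, dst, proto, dport); the policy is an ordered list, first match
wins; conflict definitions are the standard ACL anomaly definitions.
"""
from dataclasses import dataclass
from typing import List, Tuple

Range = Tuple[int, int]          # inclusive interval [lo, hi]


@dataclass(frozen=True)
class Rule:
    name: str
    src: Range
    dst: Range
    proto: Range
    dport: Range
    action: str                  # "permit", "deny" or "protect"

    def fields(self):
        return (self.src, self.dst, self.proto, self.dport)


def _field_relation(a: Range, b: Range) -> str:
    """Relation of interval a to interval b on one selector field."""
    if a[1] < b[0] or b[1] < a[0]:
        return "disjoint"
    if a == b:
        return "equal"
    if b[0] <= a[0] and a[1] <= b[1]:
        return "subset"          # a lies inside b
    if a[0] <= b[0] and b[1] <= a[1]:
        return "superset"        # b lies inside a
    return "overlap"             # partial intersection


def relation(a: Rule, b: Rule) -> str:
    """Relation of rule a's match set to rule b's match set over all fields."""
    rels = [_field_relation(x, y) for x, y in zip(a.fields(), b.fields())]
    if "disjoint" in rels:
        return "disjoint"        # no packet matches both rules
    if all(r == "equal" for r in rels):
        return "equal"
    if all(r in ("equal", "subset") for r in rels):
        return "subset"
    if all(r in ("equal", "superset") for r in rels):
        return "superset"
    return "correlated"          # overlap, but neither contains the other


def conflicts_on_insert(policy: List[Rule], new: Rule) -> List[Tuple[str, int]]:
    """Report (conflict type, index of the earlier rule) for a rule appended
    after every rule already in `policy`."""
    found = []
    for i, old in enumerate(policy):
        rel = relation(new, old)
        if rel == "disjoint":
            continue
        same_action = old.action == new.action
        if rel in ("equal", "subset") and not same_action:
            found.append(("shadowing", i))    # new rule can never take effect
        elif rel in ("equal", "subset") and same_action:
            found.append(("redundancy", i))   # new rule changes nothing
        elif rel == "superset" and not same_action:
            found.append(("exception", i))    # earlier rule is a carve-out of new
        elif rel == "correlated" and not same_action:
            found.append(("correlation", i))  # rule order decides the outcome
    return found


# Constructed sample policy: hosts are small integers standing in for addresses.
R1 = Rule("deny-ssh-from-lab", (10, 20), (100, 100), (6, 6), (22, 22), "deny")
R2 = Rule("permit-all-tcp-to-srv", (0, 255), (100, 100), (6, 6), (0, 65535), "permit")
BASE_POLICY = [R1, R2]

# Candidate rules to insert, each exercising a different conflict type.
R3 = Rule("permit-ssh-subset", (12, 15), (100, 100), (6, 6), (22, 22), "permit")
R4 = Rule("protect-ssh-overlap", (15, 30), (100, 100), (6, 6), (22, 22), "protect")
R5 = Rule("permit-ssh-all", (0, 255), (100, 100), (6, 6), (22, 22), "permit")

if __name__ == "__main__":
    for cand in (R3, R4, R5):
        for kind, idx in conflicts_on_insert(BASE_POLICY, cand):
            print(f"{cand.name}: {kind} with rule {idx} ({BASE_POLICY[idx].name})")
```

Each reported pair is a conflict type together with the position of the earlier rule it conflicts with, which is the same information the abstract says the tree-based algorithms report; a real implementation would index rules in a tree keyed on the selector ranges so that insertion does not scan the whole policy.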
Keywords/Search Tags: IPSec security policy conflicts, conflict detection, security policy model, formal description of security policy