
Policy Conflict Fast Detection And Resolution In Heterogeneous Network

Posted on: 2011-10-29 | Degree: Master | Type: Thesis
Country: China | Candidate: W Wang | Full Text: PDF
GTID: 2178360305455143 | Subject: Computer application technology
Abstract/Summary:
In the past decade, the face of the network has changed a lot. The appearance of mobile computing is a revolutionary advance. The 2nd Generation Mobile Communication System (2G), for example GSM (Global System for Mobile Communications), is so widely used that a mobile user can obtain roaming voice service almost all over the world. General Packet Radio Service (GPRS) gives GSM users the ability to access the Internet by mobile IP. In the last few years, the 3rd Generation Mobile Communication System (3G) has already been in use as a mobile Internet solution. At the same time, many Wireless LAN technologies have come out one after another. Every access technology has its own disadvantage, and this is the cause of the appearance of the heterogeneous network: none of those access technologies can provide both ubiquitous coverage and high-throughput transmission.

The structure of the heterogeneous network is very complex and the user is mobile; both of these bring big challenges to the security administration and resource allocation management of the heterogeneous network. In the traditional network management mechanism, administrators have to configure every network behavior in detail, for instance creating and updating routing tables and setting quality standards for transmission streams. But various networks are integrated in the heterogeneous network, both the size and the complexity of the network are increasing, and users constantly require higher quality of service (QoS), so the traditional network management mechanism cannot adapt to these changes, and flexible, efficient network management is unachievable. Policy Based Network Management (PBNM) comes out to meet these requirements. PBNM is user-oriented and application-oriented. The administrator is allowed to simplify management and configure the network by using policies independent of specific devices, freed from hard ordinary configuration. Efficient and flexible network management is achieved.

Many communities (such as IETF, DMTF, Object Management Group, TMF, etc.), academia (Imperial College University of London, etc.) and industry (HP, Allot, Tivoli, Cisco, etc.) are focusing on general frameworks, languages, and easy-to-use products, respectively. The most representative of them are the Ponder language and policy framework, XACML of the OASIS, and the Policy Based Network Management (PBNM) of the IETF. There are some problems that must be solved before PBNM becomes the next standard of network management systems, for example the policy storage mechanism, policy transformation, policy conflict resolution, etc. In a policy based network management system, every device is driven by policy. Any policy conflict will put the system in an uncertain or false state: the system cannot decide which policy is to be executed. Therefore, policy conflict detection and resolution are critical problems of policy based network management systems. The IETF policy workgroup has considered policy conflict detection and resolution an essential component of a policy based network management system. Many researchers focus on policy conflict analysis and have put forward many methods to detect and resolve policy conflicts. By analyzing these achievements, we put forward the view that conflicts of security policy should be detected and resolved statically at the system compile stage, while conflicts of resource allocation policy can be detected and resolved dynamically at run-time. The dynamic detection and resolution of resource allocation policy helps to ensure QoS and reasonably allocate network resources.

The traditional policy storage mechanism deals with policies like data in a database, which is disordered. We put forward an "event-target" secondary index structure to organize the policies of the Policy Repository. By this structure, the whole policy set is turned into a three-level structure. The first level stores all the events of the system; the policies are classified by the index of event, and this is the first classification. The second level stores all the targets of the system; the policies are then classified by the index of target, and this is the second classification. After the two classifications, the Policy Repository is transformed from a disordered set into a neat index structure. Because of the indexes, policy retrieval time is greatly reduced. The static detection method for security policy conflicts proposed in this paper is based on this "event-target" secondary index structure. The action in a security policy is usually "permission" or "prohibition" of a service request, so a conflict among security policies is a hard conflict. For example, a mobile user wants to access a restricted resource in the system, but this request triggers two opposite policies, so the system cannot decide which one to execute. The resolution of this kind of conflict is very critical, because permitting an unlawful access and denying a legal access both have serious consequences. So this kind of hard conflict should be detected and resolved statically at the compiling stage. The advantage of the static conflict detection method for security policy put forward in this paper is that it minimizes the number of policies which need the final condition check against the new policy. Experiment results show that the method is very efficient and stable.

A conflict of resource allocation may take place between two resource allocation policies, and may also take place between one resource allocation policy and the state of network resources. In this paper we first analyze some special requirements of resource allocation and QoS in the heterogeneous network, and then present a well known classification of network services. Based on this classification, a "Bandwidth-QoS" model is abstracted out. According to the different characteristics of the "Bandwidth-QoS" curves, the services which need QoS guarantees are divided into three categories: hard real-time media service, adaptive real-time media service and data transmission service. This paper designs one conflict resolution method for each category of service. The purpose of the methods is to dynamically resolve the conflict, ensure the QoS, and optimize network resource management.
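The following Python sketch is an added example, not code from the thesis, of the "event-target" secondary index and the static (compile-stage) detection of hard security-policy conflicts described in the abstract. The policy fields, the set-valued condition model (an attribute maps to the set of values that satisfy it; an absent attribute means "any"), and the sample policies are all constructed assumptions; the abstract does not specify how conditions are represented. Only policies that share the new policy's event and target are fetched from the index, so only those candidates reach the final condition check; a candidate conflicts when it takes the opposite action on a condition that can overlap.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Policy:
    """A security policy (assumed shape): on `event` against `target`, take
    `action` when `condition` holds. `condition` maps an attribute name to the
    set of values that satisfy it; an attribute that is absent is unconstrained."""
    name: str
    event: str
    target: str
    action: str            # "permit" or "prohibit"
    condition: dict = field(default_factory=dict)


def conditions_overlap(a: dict, b: dict) -> bool:
    """True if a single request can satisfy both conditions, i.e. every
    attribute constrained by both sides has at least one value in common."""
    return all(a[attr] & b[attr] for attr in a.keys() & b.keys())


class PolicyRepository:
    """Policies organised by the event-target secondary index:
    level 1 = event, level 2 = target, level 3 = the policies themselves."""

    def __init__(self):
        self._index = defaultdict(lambda: defaultdict(list))
        self.count = 0   # total policies stored (what a full scan would examine)

    def candidates(self, policy: Policy) -> list:
        # Only policies that fire on the same event against the same target
        # can be triggered together, so only they reach the condition check.
        return list(self._index[policy.event][policy.target])

    def check(self, policy: Policy):
        """Static conflict detection for a new policy: returns the existing
        policies that hard-conflict with it (opposite action on an overlapping
        condition) and the number of candidates that were examined."""
        cands = self.candidates(policy)
        conflicts = [p for p in cands
                     if p.action != policy.action
                     and conditions_overlap(p.condition, policy.condition)]
        return conflicts, len(cands)

    def add(self, policy: Policy) -> list:
        """Compile-stage insertion: store the policy only if no hard conflict
        is found; return the conflicting policies otherwise."""
        conflicts, _ = self.check(policy)
        if not conflicts:
            self._index[policy.event][policy.target].append(policy)
            self.count += 1
        return conflicts


def build_demo_repository() -> PolicyRepository:
    """Constructed sample policies (not from the thesis)."""
    repo = PolicyRepository()
    for p in [
        Policy("p1", "access_request", "restricted_resource", "permit",
               {"role": {"admin", "auditor"}}),
        Policy("p2", "access_request", "restricted_resource", "prohibit",
               {"role": {"guest"}}),
        Policy("p3", "access_request", "public_resource", "permit"),
        Policy("p4", "session_start", "restricted_resource", "prohibit",
               {"network": {"wlan"}}),
    ]:
        assert repo.add(p) == []   # the sample set is conflict-free
    return repo


if __name__ == "__main__":
    repo = build_demo_repository()
    # A prohibition for auditors on WLAN: opposite action to p1 and the role
    # sets overlap on "auditor", so this is a hard conflict with p1.
    new = Policy("p5", "access_request", "restricted_resource", "prohibit",
                 {"role": {"auditor"}, "network": {"wlan"}})
    conflicts, examined = repo.check(new)
    print("examined", examined, "of", repo.count, "policies;",
          "conflicts:", [p.name for p in conflicts])
```

With the four sample policies, the new policy is compared against only the two that share its event and target instead of all four, which is the saving the abstract attributes to the index; the condition check itself is where the hard conflict (permit versus prohibit on the same auditor role) is actually decided, so the index narrows the work without weakening detection.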
Keywords/Search Tags: Security Policy, Resource Allocation Policy, Conflict Detection, Conflict Resolution, QoS, Resource Allocation