Affiliations: Department of Computer Science, University of California, Davis, USA Tel.: 1-408-2421751; Fax: 1-408-5174703; E-mail: [email protected] | Department of Computer Science, University of California, Davis, USA E-mail: {martel, wu}@cs.ucdavis.edu | Network and Infrastructure, Research Lab (NIRL), Motorola Labs, USA E-mail: [email protected]
Abstract: With IPsec/VPN policies being widely deployed, how to correctly specify and configure them is critical in enforcing security requirements, especially among different administrative domains across the Internet. Under current practice, IPsec/VPN policies are specified individually by system administrators from different organizations without any formal coordination. This practice implies unintentional errors due to inconsistent IPsec/VPN policies. Furthermore, Internet routing dynamics may possibly interfere with IPsec/VPN policies such that unexpected conflicts occur due to a mismatch between the routing and IPsec/VPN layers. To deal with these problems, we formally define IPsec security requirements, policies, and their correctness criteria. Based on these definitions, we present an inter-domain architecture to automatically generate correct and efficient security policies. Our approach works when we are given a set of security requirements for a single end-to-end traffic flow. We can also deal with changes when new security requirements are added. Finally, we present simulation results which evaluate the performance of our solutions.
