Domain Based Internet Security Policy Management

Abstract. As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies — esp. those that specify the use of IP-AH/ESP security protocols — into security requirements for inter-domain communication. Technology innovation includes a formal model for IPsec policy specification and resolution, a platform independent policy specification language and a distributed policy server system. The formal model consists of a hierarchical domain model for IPsec policy enforcement and a lattice model of IPsec policy semantics. The policy specification language enables users to specify IPsec policies using the formal model regardless of the make of the security devices. The policy servers maintain the security policies in a distributed database, and negotiate the security associations for protecting inter-domain communication. Both the policy database and the policy exchange protocol are protected from passive and active attacks. Several UNIX implementations are available for non-commercial uses.