{"title":"基于策略的大型网络配置验证方法及头部空间分析","authors":"T. Tonouchi","doi":"10.1109/APNOMS.2016.7737248","DOIUrl":null,"url":null,"abstract":"Configuration of network is getting complex because the network has been equipped with much functionality. Meanwhile, the network should satisfy many requirements for sophisticated multi-tenancy, high-level security and so on. For example, a flow which should be secure has to go through a firewall. However, it is difficult for an operator to verify whether the configuration in large network can satisfy these requirements. The verification takes a lot of time and a lot of human work. In addition, the human operator may inherently overlook an erroneous configuration. In this paper, we propose a policy language, which can specify the requirements. We also propose two implementation designs of the policy language. The one of the methods is estimated to verify the configuration of large network.","PeriodicalId":194123,"journal":{"name":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Policy-based verification method for configurations of large network with header-space analyses\",\"authors\":\"T. Tonouchi\",\"doi\":\"10.1109/APNOMS.2016.7737248\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Configuration of network is getting complex because the network has been equipped with much functionality. Meanwhile, the network should satisfy many requirements for sophisticated multi-tenancy, high-level security and so on. For example, a flow which should be secure has to go through a firewall. However, it is difficult for an operator to verify whether the configuration in large network can satisfy these requirements. The verification takes a lot of time and a lot of human work. In addition, the human operator may inherently overlook an erroneous configuration. In this paper, we propose a policy language, which can specify the requirements. We also propose two implementation designs of the policy language. The one of the methods is estimated to verify the configuration of large network.\",\"PeriodicalId\":194123,\"journal\":{\"name\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APNOMS.2016.7737248\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APNOMS.2016.7737248","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Policy-based verification method for configurations of large network with header-space analyses
Configuration of network is getting complex because the network has been equipped with much functionality. Meanwhile, the network should satisfy many requirements for sophisticated multi-tenancy, high-level security and so on. For example, a flow which should be secure has to go through a firewall. However, it is difficult for an operator to verify whether the configuration in large network can satisfy these requirements. The verification takes a lot of time and a lot of human work. In addition, the human operator may inherently overlook an erroneous configuration. In this paper, we propose a policy language, which can specify the requirements. We also propose two implementation designs of the policy language. The one of the methods is estimated to verify the configuration of large network.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
