A Path-Based Network Policy Language

Stone, Gary N.

A Path-Based Network Policy Language

Active / Technical Report | Accession Number: ADA384623 |

Open PDF

Abstract:

Network policies are traffic regulations for the networks which make up the Internet. These are necessary for managing the flow of data, for access control to the network, and for managing the network to achieve other types of quality of service goals. However, with the myriad of different policies and networks, all with varying needs, conflicts can arise between network policies. Detecting and correcting these conflicts can be quite difficult for human administrators. Thus, there is a need for a theoretically sound method for specifying policy and for automatically detecting policy conflicts. This dissertation presents a path-based policy language that is more comprehensive than earlier languages for describing network policy. The Path-based Policy Language PPL is a formal language for constructing models of Internet service and access control. This path-based language is extensible and allows for an unambiguous representation of network policies based on both the static and dynamic attributes of todays networks. To support this language, both a compiler and policy conflict tester were developed. These tools accept network policies specified in PPL, translate them into formal logic, and using a theorem prover to test for policy conflicts. PPL allows for the efficient representation of large networks with its abbreviated path format. This path format allows multiple paths to be represented with one statement.

Author(s):

Stone, Gary N.

Author Organization(s):

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Descriptive Note:

Doctoral thesis

Pagination:

0187

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

RECORD

Collection: TR

Identifying Numbers

Contract/Grant Number(s):

DARPA ORDER-G417

Monitor Series:

DARPA

Subject Terms

Joint Capability Areas:

JCA_6.1.3_Switching and Routing; JCA_6_Net Centric; JCA_6.1_Information Transport; JCA_2_Battlespace Awareness; JCA_2.1_Planning and Direction; JCA_2.1.1_Define and Prioritize Requirements; JCA_6.4.1_Secure Information Exchange; JCA_5_Command and Control; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_1_Force Support; JCA_4.6_Engineering; JCA_1.2_Force Preparation; JCA_1.2.3_Educating; JCA_4.6.1_General Engineering; JCA_6.3.1_Optimized Network Functions and Resources; JCA_5.5.2_Task; JCA_5.5_Direct; JCA_5.4_Decide

Modernization Areas:

Microelectronics; Autonomy

Communities of Interest:

Energy and Power Technologies

Descriptor(s):

*COMPUTER COMMUNICATIONS, *INTERNET, *HIGH LEVEL LANGUAGES, *MACROPROGRAMMING, COMPUTER PROGRAM DOCUMENTATION, AUTOMATION, THESES, ROUTING, COMPILERS, SYSTEMS MANAGEMENT, MULTIPROGRAMMING, COMPUTER ACCESS CONTROL

Field(s)/Group(s):

Computer Programming and Software, Computer Systems Management and Standards, Computer Systems

Keyword(s):

PPL(PATH BASED POLICY LANGUAGE)

Report Date:

2000 Sep 01

Creation Date:

2000 Dec 20