zhongxuan yang

DOI: https://doi.org/10.1007/978-3-642-28655-1_41

2012-01-01

Abstract:Community, as a system, there are many practical problems, such as property management companies do not act, owners committees exist in name only, etc. problems arise due to community management system root causes of this paper, according to my paper, it based on information technology, and by way of the development of new systems to build new community management system, information and community to achieve flat management, which greatly improve the efficiency and level of community management.

Li Jing

Abstract:Through policy-based network security management research,this paper analyzed the existing network secu-rity policy conflict detection and resolution method shortcomings.Based on policy refinement of ideas and security policy conflicts classification technology,policy-based network management security-level model was established,with exten-ded XACML language description.According to the relationship between policy behavior,using knowledge reasoning,dynamic layered security corresponding level of policy refinement consistency automatic detection and timely conflict resolution were made,letting it has a good reusability and scalability,and is conducive to the improvement of manage-ment efficiency.Policy-based access control refinement application implementation was verified.Finally,some of the fu-ture research directions were discussed.

Computer Science

HE Tian-he,PAN Xue-zeng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2007.03.016

2007-01-01

Abstract:SNMP provides a way to manage and monitor the computer network.By extending its access control model on the 3rd version,the paper offers two methods : view based access control model(vacm) and role based access control model.It enhances RBAC's power and function.In use SNMPv3 based on Time Enhanced RBAC is more efficient and useful.

Weili Han,Zheran Fang,Weifeng Chen,Wenyuan Xu,Chang Lei

DOI: https://doi.org/10.1145/2046707.2093491

2011-01-01

Abstract:Policy driven management is widely used to manage networked resources and protect sensitive resources. Existing policy-driven management strategies rely heavily on policy administrators to specify and validate policies, which not only require in depth understanding of policy languages and domain knowledge, but also are error-prone.To simplify the tasks of policy administration, this paper proposes a novel policy administration framework, named collaborative policy administration (CPA). Essentially, the idea is that applications with similar functionalities shall have similar policies. Thus, to specify or validate policies, CPA will examine policies already specified by other applications in the same category and perform collaborative recommendation. In this paper, we consider the Android systems as a case study and show that CPA can strengthen Android security.

李章维,张建明,王树青

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.08.001

2004-01-01

Abstract:For improving the stability, reliability, and convenient safeguard in network systems, a new method for network fault detection based on the network device running status was proposed. Using the feature of real network and SNMP(simple network management protocol) and TELNET(telecommunication network protocol), the realization of multi-agent network management systems was discussed. The network management system is characterized by rapid network fault detection, determination and treatment, which has intelligence and capacity for self-study, and also shortens the time of network fault (response) and treatment, thus the reliability of the network was improved. With the use of multi-Agent technology, the new way for studying network management has advantages of simple calculation, rapid fault detection, etc.

Weishuai Yang,Shanping Li,Yuming Yao

DOI: https://doi.org/10.1109/ICII.2001.983559

2001-01-01

Abstract:Due to the growing complexity of computer networks, more sophisticated management strategies are required for adequate efficiency and reliability. The drawbacks of centralized network management (NM), characterized by a low degree of flexibility, scalability, efficiency and reliability, are clear. It is widely recognized that mobile agent (MA) approaches have many advantages in dealing with these problems by constructing a distributed computing environment. However, using MAs alone on trivial things might cause an unnecessary transmission overhead. We propose a hybrid hierarchical NM paradigm integrating centralized SNMP (simple network management protocol) and MAs

YANG Jia-hai,WU Jian-ping

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.06.001

2005-01-01

Abstract:Policy-based network management is an effective approach to achieve the management automation of large-scale heterogeneous networks and the adaptability of management system. Current policy-based network management approaches, due to the policy description methods and communication mechanisms, require some kind of upgrade of the managed systems. The paper described an EBNF-based policy description language that is independent of underlying managed systems. A practical management framework was proposed, in which standard SQL access interface and event-driven mechanism were adopted to realize the inter-module communication within system, while Tcl/tk/expect interactive script language was used to realize the communication between management system and managed devices. The policy description language can describe all kinds of high-level management tasks, while the proposed communication mechanism makes it possible to deploy policy-based management for those managed systems that do not support policy-related protocols. Full policy-based management can be achieved without any change or upgrade of the managed systems.

Kuangyi ZENG,Jinxiang ZHANG,Jiahai YANG

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.11.050

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET.Using the properties of access control list(ACL) in this model,the policies described in different specification languages are mapped into access control lists,which are distributed to different network devices to enforce.Thus,the complex transformation logic in traditional policy refinement fashion is simplified,especially,security and access control configuration management can be automated

Kuang Y. Zeng,Jinxiang Zhang,Jiahai Yang

2006-01-01

Abstract:A new model for policy refinement is presented at the application background of CERNET. Using the properties of access control list (ACL) in this model, the policies described in different specification languages are mapped into access control lists, which are distributed to different network devices to enforce. Thus, the complex transformation logic in traditional policy refinement fashion is simplified, especially, security and access control configuration management can be automated.

Suleiman Y. Yerima,Gerard P. Parr,Sally I. McClean,Philip J. Morrow

DOI: https://doi.org/10.3390/fi4030646

2013-11-07

Abstract:Fixed and wireless networks are increasingly converging towards common connectivity with IP-based core networks. Providing effective end-to-end resource and QoS management in such complex heterogeneous converged network scenarios requires unified, adaptive and scalable solutions to integrate and co-ordinate diverse QoS mechanisms of different access technologies with IP-based QoS. Policy-Based Network Management (PBNM) is one approach that could be employed to address this challenge. Hence, a policy-based framework for end-to-end QoS management in converged networks, CNQF (Converged Networks QoS Management Framework) has been proposed within our project. In this paper, the CNQF architecture, a Java implementation of its prototype and experimental validation of key elements are discussed. We then present a fuzzy-based CNQF resource management approach and study the performance of our implementation with real traffic flows on an experimental testbed. The results demonstrate the efficacy of our resource-adaptive approach for practical PBNM systems.

Networking and Internet Architecture,Artificial Intelligence

Xiaoang Zheng,Aris Leivadeas,Matthias Falkner

DOI: https://doi.org/10.1016/j.comnet.2022.109457

IF: 5.493

2022-11-07

Computer Networks

Abstract:Intent-Based Networking (IBN) is a novel networking pardigm that allows networks to be autonomously configured, continuously assured, and to be highly adaptable to high-level intentions of network users and operators. In IBN systems, conflict detection and policy resolution modules are crucial to intent activation to enforce correct network configurations. To this end, in this study, we propose an extensible intent model, complemented with a conflict detection algorithm. We also propose a policy resolution algorithm that is based on a two-dimensional analysis of intent endpoints and time spans. To better showcase the efficiency of our algorithm, we also developed an enterprise-based IBN intent management web application for network users and administrators. Our evaluation experiments reveal the effectiveness of our algorithms in terms of reliable resolutions and fast response time.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Guanding Yu

2006-01-01

Abstract:The traditional network management architecture is not suitable for hybrid networks because of high complexity,heterogeneity and integrity of several different kinds of networks(Internet,wireless mobile Ad Hoc network,satellite and other integrated network).This paper addressed a novel management protocol(NMP) for hybrid networks and verified it by using the Manager/Agent system.A special gateway was designed to connect two kinds of agents.The delivery time of message and the length of protocol digital unit were simulated under two kinds of protocols(NMP and SNMP).The results show the better performances of NMP.

Fu CHEN,Jiahai YANG,Yuemei XU

DOI: https://doi.org/10.3778/j.issn.1002-8331.1409-0384

2016-01-01

Abstract:A new network management architecture has been proposed in the paper. A system, which is developed based on this architecture, is introduced. And an ontology for network management is defined too. The architecture is based on the network management services that can be searched with semantics, invoked crossing administrant domain, composed on demand, and communicate among nodes with P2P pattern.

Peng-liang ZHANG,Jian-gang YANG

2005-01-01

Journal of Computer Applications

Abstract:A policy-driven network management architecture based on multi-agent was presented after analysing the policy-based management and intelligent Agent-based management,and many features of the policy-based management and intelligent Agent technology was utilized in it.The architecture performs well in constructing a service-oriented and self-managed distributed management system.

韩淑玲,谭庆平,张金祥,王继龙

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.07.036

2004-01-01

Abstract:It is a difficult task to manage Internet efficiently. XML can allow for the interchange of data between management applications using different information models. This paper puts forward a novel network management integration framework based on XML in the management of CERNET (China Education and Research Network), which classifies the whole management system into independent management entities, and the schemes for integration of management entities and definition of managed objects using XML are also given in this paper.

Ying-hong WU,Hao HUANG,Qing-kai ZENG

DOI: https://doi.org/10.3969/j.issn.1002-137X.2014.03.001

2014-01-01

Computer Science

Abstract:Policy refinement is an important method to resolve the complexity of distribute access control policy configuration.This article analyzed the existing policy refinement techniques,including their system and policies hierarchical description,their methods to derive the lower levels coordination control policies,their ability of policy conflict analysis and dispel in policy refinement,and the associated attribute analysis methods about the completeness and consistency in policy refinement,the consistency among coordination control policies for defense in depth,the composing and mutual exclusion polices relationship of application.The analysis shows that the key problem that affects refinement ability is lack of policies associated attribute analysis ability.The article further analyzed policies associated attribute analysis of the existing policy conflict analysis techniques,usability of distributed application and calculation expansibility.Based on these analysis we pointed out some research problems which can improve policy refinement ability to adapt the service oriented distributed application.

Weili Han,Chang Lei

DOI: https://doi.org/10.1016/j.comnet.2011.09.014

2012-01-01

Abstract:Policy-driven management is gaining popularity today, mainly due to the ever-growing scale and complexity of large networked systems. In these systems, policies are usually used to simplify the tasks of the system management, thus making way for further system enlargement. Accordingly, a variety of policy languages are proposed to express intentions of administrators in the policy-driven systems, especially for the network and security management. This paper, therefore, investigates current works, discusses the key issues, and then outlines the future work of policy languages.

Bei-shui Liao,Ji Gao

DOI: https://doi.org/10.1007/11590354_23

2005-01-01

Abstract:Currently, the management of grid services is becoming increasingly complex. To resolve this complexity problem, autonomic computing and policy-based multi-agent technology have been proposed as promising methods. However, there are many challenges to be resolved. Among them, policy refinement is a great problem that hampers the development of policy-based system. To cope with this issue, this paper presents a policy refinement mechanism based on recipes. Recipes define possible refinement alternatives for each abstract policy. And the policy refinement engine automatically refines the policies by choosing the refinement branch in terms of the conditions of each branch.

Dong-young Lee,H. Seo,Tae-Kyung Kim

Abstract:Enterprise security management system proposed to properly manage heterogeneous security products is the security management infrastructure designed to avoid needless duplications of management tasks and inter-operate those security products effectively. In this paper, we defined the security policies using Z-Notation and the detection algorithm of policy conflict for managing heterogeneous firewall systems. It is designed to help security management build invulnerable security policies that can unify various existing management infrastructures of security policies. Its goal is not only to improve security strength and increase the management efficiency and convenience but also to make it possible to include different security management infrastructures while building security policies. With the process of the detection and resolution for policy conflict, it is possible to integrate heterogeneous security policies and guarantee the integrity of them by avoiding conflicts or duplications among security policies. And further, it provides convenience to manage many security products existing in large networks.

Computer Science,Business

Yunfei Meng,Changbo Ke,Zhiqiu Huang

DOI: https://doi.org/10.1016/j.cose.2024.103850

IF: 5.105

2024-04-19

Computers & Security

Abstract:Software-defined networking (SDN) has been utilized to enforce the security of traditional networks. However, the existing SDN-based security enforcement mechanisms rely heavily on the security policies containing the underlying information of data plane, such as MAC address, IP address or switch ports. These security policies need to be specifically developed by network operators and loaded into the control plane manually. With increasing the scale of underlying network, the existing security policy management mechanisms confront more and more challenges. The security policy transformation for SDN networks is to research how to transform the high-level security policy without containing the underlying information into the practical flow entries used by Openflow switches automatically, thereby implementing the automatic management of security policies. To achieve this objective, we propose a model transformation based security policy automatic management framework for software-defined networking in this paper. Leveraging its functional modules, the framework can solve the problems of how to find a connected path for each access control rule of security policy model (SPM) in data plane, how to transform the connected path into the system model of flow entries, as well as how to generate the practical flow entries according to the system model of flow entries. In order to validate the effectiveness and performance of framework, we implement the framework by leveraging POX controller and Mininet emulator. The experimental results illustrate the framework can transform SPM into practical flow entries, synchronously perceive the modifications caused by cutting down one connected path or changing SPM, and continuously keep the data plane holding the security properties defined by SPM at runtime.

computer science, information systems