2nd International IEEE Conference on Communication System Software and Middleware

Research Article

An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks

  • @INPROCEEDINGS{10.1109/COMSWA.2007.382593,
        author={Kiyohiko Okayama and Nariyoshi Yamai and Hayato Ishibashi and Kota  Abe and Toshio  Matsuura},
        title={An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks},
        proceedings={2nd International IEEE Conference on Communication System Software and Middleware},
        publisher={IEEE},
        proceedings_a={COMSWARE},
        year={2007},
        month={7},
        keywords={Authentication  Costs  Cryptography  Databases  Hospitals  IP networks  Network servers  Relays  Virtual private networks  Web server},
        doi={10.1109/COMSWA.2007.382593}
    }
    
  • Kiyohiko Okayama
    Nariyoshi Yamai
    Hayato Ishibashi
    Kota Abe
    Toshio Matsuura
    Year: 2007
    An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks
    COMSWARE
    IEEE
    DOI: 10.1109/COMSWA.2007.382593
Kiyohiko Okayama1,*, Nariyoshi Yamai1,*, Hayato Ishibashi2,*, Kota Abe2,*, Toshio Matsuura2,*
  • 1: Information Technology Center, Okayama University 3-1-1, Tsushima-naka, Okayama 700-8530, Japan
  • 2: Graduate School of Creative Cities, Osaka City University 3-3-138, Sugimoto, Sumiyoshi-ku, Osaka 558-8585, Japan
*Contact email: okayama@cc.okayama-u.ac.jp, yamai@cc.okayama-u.ac.jp, ishibashi@media.osaka-cu.ac.jp, k-abe@media.osaka-cu.ac.jp, matsuura@media.osaka-cu.ac.jp

Abstract

VPN (virtual private network) is one of the most important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication, data encryption, and so on or not), an administrator of a VPN domain may need to configure access policies which are different from every VPN sub-domain. However, in the existing VPN methods, since access policies are stored in a static configuration file of each VPN gateway, an administrator of a VPN domain has to cooperate with the other administrators of its sub-domains. Therefore, management cost of access policies becomes considerably large if the organization has large and complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPNs. In order to reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our proposed method is confirmed by an experiment on an actual network using policy servers based on the proposed method.