CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Toward Autonomic Security Policy Management

Ehab Al-Shaer, Ph.D. - DePaul University, Chicago, IL

Aug 23, 2006

Size: 197.1MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube


The assurance of network security is dependent not only on the protocols but also on polices that determine the functional behavior of network security devices. Network security devices such as Firewalls, IPSec gateways, IDS/IPS operate based on locally configured access control policies. However, the complexity of managing security polices, particularly in enterprise networks, poses many challenges for deploying effective security. For example, security policies are usually configured in isolation from each other, even though they are not necessarily independent as they interact with each other to form the global security policy. As a result of such ad-hoc management, policy inconsistencies and network vulnerability are created. In addition security policy might grow in size causing a significant performance overhead in security devices. A major performance gain can be achieved if policies can be dynamic optimized to adapt to traffic properties (called traffic-aware policy optimization). This talk will explain these challenges and present the recent research results in the area of automated verification, and optimization of network security polices.

About the Speaker

Ehab Al-Shaer is an Associate Professor and the Director of Multimedia Networking Research Lab (MNLAB)in the School of Computer Science, Telecommunications and Information System at DePaul University. He received his Ph.D. in CS from Old Dominion University, M.S. in CS from Northeastern University, and B.Sc. in CompEng from KFUPM in 1998, 1994, and 1990 respectively. His primary research areas are Network Security, Internet monitoring, fault management, and multimedia protocols. Prof. Al-Shaer has many refereed journal and conferences publications in his area. He is a Co-Editor of number of books in the area of multimedia management and Monitoring Internet Monitoring. Prof. Al-Shaer is currently the program co-chair for IM'07, the primer conference in network management. He was also the Conference Program Co-chair for MMNS'01, E2EMON'03-06. He also served as steering committee member, TPC member, guest speaker, panelist, tutorial presenter, for many IEEE/ACM conferences and industry seminars. Prof. Al-Shaer was a Guest Editor for many journals. He received a fellowship award from NASA Langley Research Center in 1997. His research is sponsored in part by NSF, Cisco, Intel, Sun Microsystems, Aramco and Aprisma.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.