Improving, packet filters management through automatic and dynamic schemes

The development of complex access control architectures raises the problem of their management. In this article, we describe an architecture providing packetfilters automatic configuration in Internet based networks. Our arch itecture improves existing proposals in three different fields. It suppress es the security officer interactions with the management architecture when topology changes occur thus preventing temporary security holes. Moreover o ur architecture proposes three optimisations to provide the access control processes with efficient configurations. Simulations show that the complexi ty of these configurations is close to the complexity found in configuratio ns created by hand. Finally ive describe how the notion of access control i ntegrity can be incorporated in our management architecture at a reasonable cost.