Using Hierarchal Change Mining to Manage Network Security Policy Evolution
Managing the security of complex cloud and networked computing environments requires crafting security policy - ranging from natural-language text to highly-structured configuration rules, sometimes multi-layered - specifying correct system behavior in an adversarial environment. Since environments change and evolve, managing security requires managing evolution of policies, which adds another layer, the change log. However, evolution increases complexity, and the more complex a policy, the harder it is to manage and update, and the more prone it is to be incorrect. This paper proposes hierarchical change mining, drawing upon the tools of software engineering and data mining, to help practitioners introduce fewer errors when they update policy.