PBNM

The UMU-PBNM (University of Murcia Policy-Based Network Management) system aims to provide a security framework for the management of different kinds of policies in IP networks. It is based on the use of public key cryptography (as provided by the UMU-PKIv6 implementation, for example) as a way to deal with the security concerns associated with today's networked environments.

It is also based on the IETF/DMTF approach to network policies, which is attempting to define the basis for a multi-vendor networking environment supporting policy control mechanisms. As a statement of direction, the current framework is being updated towards a multi-layer management framework evolving the IETF/DMTF PBNM basic design.

The current system has been successfully designed and deployed for these kinds of network policies: IPsec, routing, firewall, QoS and DNS.

XACML

The University of Murcia (UMU) has developed XACML policy definition software in Java called UMU-XACML-Editor. This is just a small part of a significant research effort on using different XML-related standards and technologies, such as XACML and SAML, to solve different scenarios of authentication and authorization of users and devices when accessing a network and the resources existing in that network.

The UMU-XACML-Editor is actually intended to cover XACML 2.0 standard policies as defined by the OASIS eXtensible Access Control Markup Language (XACML) TC.

DNSSEC

The DNS Security (DNSSEC) Extensions, defined in RFC 2535, are a technique for securing the actual DNS system. They provide data integrity and end-to-end authenticity to secure the resolvers and applications, mainly through the use of public-key cryptography. All answers returned by a DNS using the DNSSEC technology are digitally signed. A resolver is able to check this signature and determine whether the information is identical to the information on the authoritative server.

In summary, DNSSEC protects against data spoofing and corruption. Confidentiality is not required because the information stored in the DNS database is supposedly public.

DVC

The Dynamic VPN Controller (DVC) system, developed by the Defence Research and Development Canada (DRDC) agency, provides secure/authenticated out-of-band channels to dynamically negotiate, establish, monitor, and dismantle virtual private networks (VPNs) based on the Internet Protocol Security (IPsec) standards. The DRDC DVC demonstrator provides inter-domain security policy specification, negotiation and enforcement for coalition environments comprised of known partner sites.

X-Bone

The X-Bone dynamically deploys and manages Internet overlays to reduce configuration effort and increase network component sharing. The X-Bone discovers, configures, and monitors network resources to create overlays over existing IP networks. Overlays are useful for deploying overlapping virtual networks on shared infrastructure and for simplifying topology.

OpenIKEv2

The Internet Key Exchange (IKE) version 2 protocol is the component of IPsec used for performing mutual authentication and establishing and maintaining security associations. This new specification combines the contents of what were previously separate documents, including ISAKMP (RFC 2408), IKE version 1 (RFC 2409), the Internet DOI (RFC 2407), NAT traversal, legacy authentication, and remote address acquisition.

The OpenIKEv2 library, developed by the University of Murcia, is an open source IKEv2 implementation written in C++.