With the explosive growth of Internet connectivity that includes not only end-hosts but also pervasive devices, secure and reliable Internet becomes a requirement for enterprises as well as home users. Although a significant effort has been made by the research community to develop defense techniques against security attacks, less focus has been given to manage security configuration efficiently. Network security devices, such as Firewalls, IPSec gateways, Intrusion Detection and Prevention Systems, as well as end-host access control servers, operate based on locally configured policies. Yet these policies are not necessarily independent as they interact with each other to form global end-to-end security. Managing these security policies are complex and error prone. Intra- and inter-policy conflicts or inconsistency is one of the main challenges for deploying effective security. In addition, the complexity of changing, testing, and validating security configuration in real-time environment become a major hindrance for evaluating security. Last but not least, security configurations such as policy rules are mostly defined in low level abstraction and represented in isolation of each other, which makes reasoning and discovering configuration anomalies intractable.

As a result, the complexity of integrated security management not only makes modifying and enhancing policies a nightmare for administrators, but it also increases the risk of network and end-system vulnerability to serious security breaches.

This special issue is seeking solutions that offer seamless and effective security configuration management in heterogeneous network security environments. We are looking for fundamental as well as empirical studies on this topic. This special issue solicits original and unpublished contributions addressing security policy management issues. Topics of particular interest are automated security configuration management, security policy verification and validation, dynamic and intelligent policy-based security and policy unification and visualization that improve the state-of-the-art in this area. Examples of selected topics include but are not limited to:

• Policy modeling and verification of security configuration
• Conflict discovery and resolution
• Discovery and protecting of security configuration
• Testing and validation of security configuration enforcement
• Configuration-based security risk measurement
• Adaptive and context-aware security configuration
• Policy and Configuration visualization
• Security configuration optimization
• Distributed policy editing, delegation and distribution
• Reasoning and analysis of security configuration interaction
• Security management for wireless and mobile networks
• Automated configuration for security auditing and forensics
• High-level security configuration languages
• Virtualization techniques for security management
• Operational experience with security configuration
• Case studies of security vulnerability due to configuration error