AFPL, an Abstract Language Model for Firewall ACLs

Authors:
S. Pozo;R. Ceballos;R. M. Gasca
Affiliations:
Department of Computer Languages and Systems ETS Ingeniería Informática, University of Seville, Sevilla, Spain 41012;Department of Computer Languages and Systems ETS Ingeniería Informática, University of Seville, Sevilla, Spain 41012;Department of Computer Languages and Systems ETS Ingeniería Informática, University of Seville, Sevilla, Spain 41012
Venue:
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Year:
2008

Citing 12
Cited 2

Comparing simple role based access control models and access control lists

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Building Internet firewalls (2nd ed.)

Building Internet firewalls (2nd ed.)
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Firewalls and Internet Security: Repelling the Wily Hacker

Firewalls and Internet Security: Repelling the Wily Hacker
A Quantitative Study of Firewall Configuration Errors

Computer
Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems (TOCS)
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
CSP-Based Firewall Rule Set Diagnosis using Security Policies

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Specifications of a high-level conflict-free firewall policy language for multi-domain networks

Proceedings of the 12th ACM symposium on Access control models and technologies
Access control policies and languages

International Journal of Computational Science and Engineering
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies

Information and Software Technology
XML-based access control languages

Information Security Tech. Report

MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part II
CONFIDDENT: A model-driven consistent and non-redundant layer-3 firewall ACL design, development and maintenance framework

Journal of Systems and Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

Design and management of firewall rule sets is difficult and error prone, mainly because the translation of access control requirements to low level languages is difficult. Abstract languages have been proposed, but none have been adopted by the industry. We think that the main reason is that their complexity is close to many of the existing low level languages. Complexity is defined as the difficulty to express knowledge from the reality being modeled (access control requirements). In this paper, we analyze the most widely used firewall languages and different possibilities of abstraction. Based on this analysis, a model for Firewall languages is proposed, and a new simple yet expressive and powerful firewall abstract language, Abstract Firewall Policy Language (AFPL), is proposed. AFPL can then be translated to existing low level firewall languages, or be directly interpreted by firewall platforms. We expect that AFPL can fill the gap between requirements and low level firewall languages.