Journal of Systems and Software
Design and management of firewall rule sets is difficult and error-prone, mainly because translating access control requirements into low-level languages is difficult. Abstract languages have been proposed, but none has been adopted by the industry. We think the main reason is that their complexity is close to that of many existing low-level languages. Complexity is defined here as the difficulty of expressing knowledge about the reality being modeled (access control requirements). In this paper, we analyze the most widely used firewall languages and different possibilities of abstraction. Based on this analysis, we propose a model for firewall languages and a new abstract firewall language that is simple yet expressive and powerful, the Abstract Firewall Policy Language (AFPL). AFPL can then be translated to existing low-level firewall languages or be directly interpreted by firewall platforms. We expect that AFPL can fill the gap between requirements and low-level firewall languages.