Improving the Variable Ordering of OBDDs Is NP-Complete
IEEE Transactions on Computers
Building Internet firewalls (2nd ed.)
Building Internet firewalls (2nd ed.)
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Algorithms for Improving the Dependability of Firewall and Filter Rule Lists
DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Firewalls and Internet Security: Repelling the Wily Hacker
Firewalls and Internet Security: Repelling the Wily Hacker
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Automatic analysis of firewall and network intrusion detection system configurations
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Survey and taxonomy of packet classification techniques
ACM Computing Surveys (CSUR)
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
International Journal of Information Security
DASC '06 Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing
CSP-Based Firewall Rule Set Diagnosis using Security Policies
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Specifications of a high-level conflict-free firewall policy language for multi-domain networks
Proceedings of the 12th ACM symposium on Access control models and technologies
Model-Driven Architecture in Practice: A Software Production Environment Based on Conceptual Modeling
Complete analysis of configuration rules to guarantee reliable network security policies
International Journal of Information Security
Access control policies and languages
International Journal of Computational Science and Engineering
XML-based access control languages
Information Security Tech. Report
TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems
Modeling and Management of Firewall Policies
IEEE Transactions on Network and Service Management
Taxonomy of conflicts in network security policies
IEEE Communications Magazine
AFPL, an Abstract Language Model for Firewall ACLs
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part II
Network Security: Formal and Optimized Configuration
Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
Journal of Systems and Software
A model-driven approach for the extraction of network access-control policies
Proceedings of the Workshop on Model-Driven Security
Hi-index | 0.00 |
The design and management of firewall rule sets is a very difficult and error-prone task because of the difficulty of translating access control requirements into complex low-level firewall languages. Although high-level languages have been proposed to model firewall access control lists, none has been widely adopted by the industry. We think that the main reason is that their complexity is close to that of many existing low-level languages. In addition, none of the high-level languages that automatically generate firewall rule sets verifies the model prior to the code-generation phase. Error correction in the early stages of the development process is cheaper compared to the cost associated with correcting errors in the production phase. In addition, errors generated in the production phase usually have a huge impact on the reliability and robustness of the generated code and final system. In this paper, we propose the application of the ideas of Model-Based Development to firewall access control list modelling and automatic rule set generation. First, an analysis of the most widely used firewall languages in the industry is conducted. Next, a Platform-Independent Model for firewall ACLs is proposed. This model is the result of exhaustive analysis and of a discussion of different alternatives for models in a bottom-up methodology. Then, it is proposed that a verification stage be added in the early stages of the Model-Based Development methodology, and a polynomial time complexity process and algorithms are proposed to detect and diagnose inconsistencies in the Platform-Independent Model. Finally, a theoretical complexity analysis and empirical tests with real models were conducted, in order to prove the feasibility of our proposal in real environments.