MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT

  • Authors: Sergio Pozo, A. J. Varela-Vaca, Rafael M. Gasca
  • Affiliation (all authors): QUIVIR Research Group, Department of Computer Languages and Systems, Computer Engineering College, University of Seville, Sevilla, Spain 41012
  • Venue: ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part II
  • Year: 2009

Abstract

The design and management of firewall ACLs is a hard and error-prone task. Part of this complexity comes from the fact that each firewall platform has its own low-level language, with different functionality, syntax, and development environment. Although several high-level languages have been proposed to model firewall access control policies, none of them has been widely adopted by industry, due to a combination of factors: high complexity, missing support for important firewall features (NAT among them), no common development process, etc. In this paper, a development process for firewall ACLs based on the Model Driven Architecture (MDA) framework is proposed. The framework supports the market-leading firewall platforms and is user-extensible. The most important access control policy languages are reviewed, with special focus on the development of firewall ACLs. Based on this analysis, a new domain-specific language for firewall ACLs, AFPL2, covering most of the features other languages do not cover, is proposed. The language is then used as the platform-independent meta-model, the first part of the MDA-based framework.
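The abstract describes the MDA pipeline only at the level of roles: a platform-independent policy model, a consistency check on it, and transformations that emit each vendor's ACL syntax, with NAT handled along the way. The following is an added sketch of that pipeline; it is not AFPL2, not the authors' framework, and does not reproduce any of its syntax. The rule model (`Rule`, `StaticNat`), the shadowing check, and the two generators are hypothetical. The one platform-specific detail it demonstrates is real and is exactly the kind of thing a "consistent with NAT" generator must encode: iptables filters in FORWARD after DNAT, so rules name the private address, whereas an IOS ACL applied inbound on the outside interface is evaluated before inside-global to inside-local translation, so the same rule must name the public address. Addresses, rules and NAT entries are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """Hypothetical platform-independent filtering rule (not AFPL2)."""
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None  # None = any port; must be None when proto == "ip"


@dataclass(frozen=True)
class StaticNat:
    """Hypothetical one-to-one static destination NAT: public:port -> private:port."""
    proto: str
    public: IPv4Network          # /32
    public_port: int
    private: IPv4Network         # /32
    private_port: int


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    proto_ok = a.proto == "ip" or a.proto == b.proto
    port_ok = a.dport is None or a.dport == b.dport
    return proto_ok and port_ok and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)


def find_anomalies(rules: List[Rule]) -> List[Tuple[int, int, str]]:
    """(later_index, earlier_index, kind) for each rule made dead by an earlier rule.

    'shadowed' = earlier rule has the opposite action (policy is inconsistent);
    'redundant' = earlier rule has the same action (harmless, but noise).
    """
    found = []
    for j, rj in enumerate(rules):
        for i in range(j):
            if covers(rules[i], rj):
                kind = "shadowed" if rules[i].action != rj.action else "redundant"
                found.append((j, i, kind))
                break
    return found


def to_iptables(rules: List[Rule], nats: List[StaticNat]) -> List[str]:
    """DNAT in nat/PREROUTING runs before filter/FORWARD, so filter rules keep private addresses."""
    lines = [f"iptables -t nat -A PREROUTING -p {n.proto} -d {n.public.network_address} "
             f"--dport {n.public_port} -j DNAT --to-destination "
             f"{n.private.network_address}:{n.private_port}" for n in nats]
    for r in rules:
        cmd = f"iptables -A FORWARD -s {r.src.with_prefixlen} -d {r.dst.with_prefixlen}"
        if r.proto != "ip":
            cmd += f" -p {r.proto}"          # -p must precede --dport
            if r.dport is not None:
                cmd += f" --dport {r.dport}"
        cmd += " -j " + ("ACCEPT" if r.action == "allow" else "DROP")
        lines.append(cmd)
    return lines


def cisco_addr(net: IPv4Network) -> str:
    """IOS ACL address syntax: 'any', 'host A.B.C.D', or network + wildcard mask."""
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def to_cisco(rules: List[Rule], nats: List[StaticNat], acl: int = 101) -> List[str]:
    """Assumes the ACL is applied inbound on the outside interface. There IOS evaluates the
    ACL before translating inside-global (public) to inside-local (private) addresses, so a
    destination behind a static NAT must be rewritten to its public address and port."""
    lines = [f"ip nat inside source static {n.proto} {n.private.network_address} "
             f"{n.private_port} {n.public.network_address} {n.public_port}" for n in nats]
    for r in rules:
        dst, dport = r.dst, r.dport
        for n in nats:
            if r.dst == n.private and r.proto == n.proto and r.dport == n.private_port:
                dst, dport = n.public, n.public_port
        verb = "permit" if r.action == "allow" else "deny"
        line = f"access-list {acl} {verb} {r.proto} {cisco_addr(r.src)} {cisco_addr(dst)}"
        if dport is not None:
            line += f" eq {dport}"
        lines.append(line)
    return lines


def compile_policy(rules: List[Rule], nats: List[StaticNat]) -> Dict[str, List[str]]:
    """Refuse to generate anything from an inconsistent (shadowed) policy."""
    shadowed = [a for a in find_anomalies(rules) if a[2] == "shadowed"]
    if shadowed:
        raise ValueError(f"inconsistent policy, shadowed rules: {shadowed}")
    return {"iptables": to_iptables(rules, nats), "cisco": to_cisco(rules, nats)}


# Constructed sample policy: a web server published through static NAT.
ANY = ip_network("0.0.0.0/0")
WEB = ip_network("192.168.1.10/32")
NATS = [StaticNat("tcp", ip_network("203.0.113.5/32"), 80, WEB, 80)]
RULES = [
    Rule("allow", "tcp", ANY, WEB, 80),
    Rule("deny", "tcp", ip_network("10.0.0.0/24"), WEB, 80),  # never reached: shadowed by rule 0
    Rule("deny", "ip", ANY, ANY),
]

if __name__ == "__main__":
    print("anomalies:", find_anomalies(RULES))
    for platform, lines in compile_policy([RULES[0], RULES[2]], NATS).items():
        print(f"--- {platform}")
        print("\n".join(lines))
```

Swapping the rule order in `RULES` would turn the anomaly into a legitimate exception (deny one subnet, allow everyone else), which is why the check runs on the platform-independent model, before any vendor syntax is produced, rather than on the generated output.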