The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Survey and taxonomy of packet classification techniques
ACM Computing Surveys (CSUR)
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Model-driven development: the good, the bad, and the ugly
IBM Systems Journal - Model-driven software development
Specifications of a high-level conflict-free firewall policy language for multi-domain networks
Proceedings of the 12th ACM symposium on Access control models and technologies
AFPL, an Abstract Language Model for Firewall ACLs
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
Modeling and Management of Firewall Policies
IEEE Transactions on Network and Service Management
Hi-index | 0.00 |
The design and management of firewall ACLs is a very hard and error-prone task. Part of this complexity comes from the fact that each firewall platform has its own low-level language with a different functionality, syntax, and development environment. Although several high-level languages have been proposed to model firewall access control policies, none of them has been widely adopted by the industry due to a combination of factors: high complexity, no support of important features of firewalls, no common development process, etc. In this paper, a development process for Firewall ACLs based on the Model Driven Architecture (MDA) framework is proposed. The framework supports the market leaders firewall platforms and is user-extensible. The most important access control policy languages are reviewed, with special focus on the development of firewall ACLs. Based on this analysis a new DSL language for firewall ACLs, AFPL2, covering most features other languages do not cover, is proposed. The language is then used as the platform independent meta-model, the first part of the MDA-based framework.