The acceptability semantics for logic programs
Proceedings of the eleventh international conference on Logic programming
Web security sourcebook
Algorithms for Improving the Dependability of Firewall and Filter Rule Lists
DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Automatic analysis of firewall and network intrusion detection system configurations
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Dynamic rule-ordering optimization for high-speed firewall filtering
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A tool for automated iptables firewall analysis
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
An Automated Framework for Validating Firewall Policy Enforcement
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Inferring higher level policies from firewall rules
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Using argumentation logic for firewall policy specification and analysis
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
Formal analysis of intrusion detection systems for high speed networks
ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
Hi-index | 0.00 |
Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (≅ 150 rules).