Using argumentation logic for firewall policy specification and analysis

Authors:
Arosha K. Bandara;Antonis Kakas;Emil C. Lupu;Alessandra Russo
Affiliations:
Department of Computing, Imperial College London, London;Department of Computer Science, University of Cyprus, Cyprus;Department of Computing, Imperial College London, London;Department of Computing, Imperial College London, London
Venue:
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
Year:
2006

Citing 8
Cited 7

The acceptability semantics for logic programs

Proceedings of the eleventh international conference on Logic programming
On the acceptability of arguments and its fundamental role in nonmonotonic reasoning, logic programming and n-person games

Artificial Intelligence
An abstract, argumentation-theoretic approach to default reasoning

Artificial Intelligence
On the computational complexity of assumption-based argumentation for default reasoning

Artificial Intelligence
A System for Defeasible Argumentation, with Defeasible Priorities

FAPR '96 Proceedings of the International Conference on Formal and Applied Practical Reasoning
Automatic analysis of firewall and network intrusion detection system configurations

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Offline firewall analysis

International Journal of Information Security

Harnessing Models for Policy Conflict Analysis

AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
Ontology-Based Network Management: Study Cases and Lessons Learned

Journal of Network and Systems Management
Gorgias-C: Extending Argumentation with Constraint Solving

LPNMR '09 Proceedings of the 10th International Conference on Logic Programming and Nonmonotonic Reasoning
A formal logic approach to firewall packet filtering analysis and generation

Artificial Intelligence Review
Using argumentation logic for firewall configuration management

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Knowledge representation and non-monotonic reasoning

A 25-year perspective on logic programming
Distributed middleware enforcement of event flow security policy

Proceedings of the ACM/IFIP/USENIX 11th International Conference on Middleware

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls are important perimeter security mechanisms that imple-ment an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.