Firewalls are important perimeter security mechanisms that implement an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation-based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols, etc.), security requirements can be specified in a declarative manner using high-level terms. It is also possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked, and that the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.