Design, development, and maintenance of firewall ACLs are very hard and error-prone tasks. Two reasons for these difficulties are, on the one hand, the large gap between access control requirements and the complex, heterogeneous firewall platforms and languages and, on the other hand, the absence of ACL design, development and maintenance environments that integrate inconsistency and redundancy diagnosis. Modelling languages help but, although several have been proposed, none has been widely adopted by industry, owing to a combination of factors: high complexity, lack of support for important firewall features, no integrated model validation stages, etc. This paper proposes CONFIDDENT, a model-driven design, development and maintenance framework for layer-3 firewall ACLs. The framework includes modelling stages at different abstraction levels, so that inexperienced administrators can use more abstract models while experienced ones can refine them to include platform-specific features. CONFIDDENT also includes model diagnosis stages in which administrators can check their models for inconsistencies and redundancies before the ACL is automatically generated for one of the many market-leading firewall platforms currently supported.