This work presents a new approach to representing network security policy. It introduces a high-level language in which security policies are expressed through three policy models: mandatory, discretionary and security property. The proposed framework handles all three dimensions and generates permissions from an abstract representation that is independent of how they are enforced, without violating the high-level security requirements. Each dimension can be defined by people in different roles: for example, rules of the mandatory model and of the security property model can be assigned to risk-management staff, while rules of the discretionary model can be delegated to the network administrators of the organization's various departments. The work also presents a mechanism to represent the features implemented by different firewall models, and a mechanism for translating the abstract representation into the scripts that configure the firewalls. A formal specification of the policy model validates the refinement algorithm, and a scalability study shows how the algorithm behaves in large networks. Copyright © 2011 John Wiley & Sons, Ltd.
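The abstract describes three policy dimensions refined into enforcement-specific firewall scripts, with delegated discretionary rules never allowed to override the mandatory and security-property rules set by risk management. The toy refinement below is an added illustration written for this page; it is not the paper's language or algorithm. The zone names, address blocks, service table, the "overlap means conflict" rule, the representation of a security property as a forbidden zone-to-zone flow, the iptables output format and all sample rules are assumptions constructed for the example.

```python
"""Toy refinement of a three-dimension abstract policy into iptables commands.

Added example, not the paper's language or refinement algorithm.  The zone
and service tables, the conflict rule and the sample policy are all assumed.
"""
from dataclasses import dataclass

# Assumed site model: abstract zones resolve to address blocks, services to
# protocol/port.  "internet" is approximated as 0.0.0.0/0 for the example.
ZONES = {"internet": "0.0.0.0/0", "dmz": "192.0.2.0/24",
         "corp": "10.1.0.0/16", "db": "10.2.0.0/24"}
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443),
            "ssh": ("tcp", 22), "mysql": ("tcp", 3306)}


@dataclass(frozen=True)
class Rule:
    model: str       # "mandatory" (risk management) or "discretionary" (department admin)
    action: str      # "allow" or "deny"
    src: str         # zone name or "any"
    dst: str         # zone name or "any"
    service: str     # service name or "any"
    owner: str = ""  # who asserted the rule (informational)


def _match(a, b):
    """Two abstract selectors overlap if either is a wildcard or they are equal."""
    return a == "any" or b == "any" or a == b


def overlaps(r1, r2):
    """Conservative overlap test on the abstract (zone, zone, service) tuple."""
    return (_match(r1.src, r2.src) and _match(r1.dst, r2.dst)
            and _match(r1.service, r2.service))


def _hits_property(rule, prop):
    """A security property is an assumed (src_zone, dst_zone) flow that must never be allowed."""
    return _match(rule.src, prop[0]) and _match(rule.dst, prop[1])


def to_iptables(r):
    """Translate one abstract rule into an iptables FORWARD rule (assumed target format)."""
    parts = ["iptables", "-A", "FORWARD"]
    if r.src != "any":
        parts += ["-s", ZONES[r.src]]
    if r.dst != "any":
        parts += ["-d", ZONES[r.dst]]
    if r.service != "any":
        proto, port = SERVICES[r.service]
        parts += ["-p", proto, "--dport", str(port)]
    parts += ["-j", "ACCEPT" if r.action == "allow" else "DROP"]
    return " ".join(parts)


def refine(mandatory, discretionary, properties):
    """Return (script_lines, rejected).

    Mandatory rules are emitted first.  A discretionary rule is rejected when it
    overlaps a mandatory rule with the opposite action (it could otherwise
    contradict or silently shadow risk management's decision) or when it would
    allow a flow forbidden by a security property.  A mandatory allow that
    violates a property is a policy-authoring error and aborts refinement.
    """
    accepted, rejected = [], []
    for r in mandatory:
        if r.action == "allow" and any(_hits_property(r, p) for p in properties):
            raise ValueError(f"mandatory rule {r} violates a security property")
        accepted.append(r)
    for r in discretionary:
        clash = next((m for m in mandatory if m.action != r.action and overlaps(r, m)), None)
        if clash is not None:
            rejected.append((r, f"conflicts with mandatory rule {clash.action} "
                                f"{clash.src}->{clash.dst}:{clash.service}"))
            continue
        hit = next((p for p in properties if r.action == "allow" and _hits_property(r, p)), None)
        if hit is not None:
            rejected.append((r, f"violates property: no {hit[0]}->{hit[1]} traffic"))
            continue
        accepted.append(r)
    lines = [to_iptables(r) for r in accepted]
    lines.append("iptables -P FORWARD DROP")  # default deny, assumed as a standing property
    return lines, rejected


# Constructed sample policy for the example.
MANDATORY = [
    Rule("mandatory", "deny", "internet", "db", "any", "risk-mgmt"),
    Rule("mandatory", "allow", "internet", "dmz", "https", "risk-mgmt"),
]
PROPERTIES = [("internet", "corp")]  # no direct internet -> corp flow, ever
DISCRETIONARY = [
    Rule("discretionary", "allow", "corp", "db", "mysql", "dba-team"),      # fine
    Rule("discretionary", "allow", "internet", "db", "mysql", "dba-team"),  # clashes with mandatory deny
    Rule("discretionary", "allow", "internet", "corp", "ssh", "it-dept"),   # violates property
]

if __name__ == "__main__":
    script, rejected = refine(MANDATORY, DISCRETIONARY, PROPERTIES)
    print("\n".join(script))
    for rule, why in rejected:
        print(f"REJECTED {rule.owner}: {rule.src}->{rule.dst}:{rule.service} ({why})")
```

Running the script prints three FORWARD rules plus the default-deny policy and reports the two rejected delegated rules with the mandatory rule or property they collide with; a real refinement would additionally need address-level overlap checks and per-firewall feature models, which this example omits.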