The NIST model for role-based access control: towards a unified standard
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Inferring higher level policies from firewall rules
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Complete analysis of configuration rules to guarantee reliable network security policies
International Journal of Information Security
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
Verified Firewall Policy Transformations for Test Case Generation
ICST '10 Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation
Journal of Systems and Software
MoDELS'05 Proceedings of the 2005 international conference on Satellite Events at the MoDELS
Modeling and Management of Firewall Policies
IEEE Transactions on Network and Service Management
Hi-index | 0.00 |
Network security constitutes a critical concern when developing and maintaining nowadays corporate information systems. Firewalls are a key element of network security by filtering the traffic of the network in compliance with a number of access control rules that enforce a given security policy. Unfortunately, once implemented, and due to the complexity of firewall configuration languages and the underlying network topology, knowing which security policy is actually being enforced by the network system is a complex and time consuming task that requires low-level and, often, vendor-specific expertise. In an always-evolving context, where security policies are often updated to respond to new security requirements, this discovery phase becomes critical since it could hamper the proper evolution of the system and compromise its security. To tackle this problem, our approach generates an abstract model of the firewall configurations in a network that facilitates the understanding and evolution of network security policies.