AFPL, an Abstract Language Model for Firewall ACLs
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Multiprimary Support for the Availability of Cluster-Based Stateful Firewalls Using FT-FW
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
Hi-index | 0.00 |
The most important part of a firewall configuration process is the implementation of a security policy by a security administrator. However, this security policy is not designed by higher levels of the organisation, nor is written anywhere, so it is very usual to make mistakes in its implementation. To solve this problem we propose to express this global access control policy in some informal language that is translated to a model specification in conjunction with the firewall rule set. Then we construct a Constraint Satisfaction Problem to detect and identify the possible inconsistencies between the specified policy and the firewall rule set.