An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
The grid: blueprint for a new computing infrastructure
The grid: blueprint for a new computing infrastructure
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Designing an Academic Firewall: Policy, Practice, and Experience with SURF
SNDSS '96 Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96)
Modeling and Verification of IPSec and VPN Security Policies
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
Dynamic rule-ordering optimization for high-speed firewall filtering
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
On the Safety and Efficiency of Firewall Policy Deployment
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
AFPL, an Abstract Language Model for Firewall ACLs
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part II
Formal Verification of Security Policy Implementations in Enterprise Networks
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Network Security: Formal and Optimized Configuration
Proceedings of the 2010 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the 9th SoMeT_10
Generating policy based security implementation in enterprise network: a formal framework
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Automating security configuration and administration: an access control perspective
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Journal of Systems and Software
On synthesizing distributed firewall configurations considering risk, usability and cost constraints
Proceedings of the 7th International Conference on Network and Services Management
Multi-constraint security policies for delegated firewall administration
International Journal of Network Management
| Hi-index | 0.00 |
Multiple firewalls typically cooperate to provide security properties for a network, despite the fact that these firewalls are often spatially distributed and configured in isolation. Without a global view of the network configuration, such a system is ripe for misconfiguration, causing conflicts and major security vulnerabilities. We propose FLIP, a high-level firewall configuration policy language for traffic access control, to enforce security and ensure seamless configuration management. In FLIP, firewall security policies are defined as high-level service-oriented goals, which can be translated automatically into access control rules to be distributed to appropriate enforcement devices. FLIP guarantees that the rules generated will be conflict-free, both on individual firewall and between firewalls. We prove that the translation algorithm is both sound and complete. FLIP supports policy inheritance and customization features that enable defining a global firewall policy for large-scale enterprise network quickly and accurately. Through a case study, we argue that firewall policy management for large-scale networks is efficient and accurate using FLIP.