Title :
CSP-Based Firewall Rule Set Diagnosis using Security Policies
Author :
Pozo, S. ; Ceballos, R. ; Gasca, R.M.
Author_Institution :
Dept. of Comput. Languages & Syst., Seville Univ., Sevilla
Abstract :
The most important part of a firewall configuration process is the implementation of a security policy by a security administrator. However, this security policy is not designed by higher levels of the organisation, nor is it written anywhere, so it is very usual to make mistakes in its implementation. To solve this problem we propose to express this global access control policy in some informal language that is translated to a model specification in conjunction with the firewall rule set. Then we construct a constraint satisfaction problem to detect and identify the possible inconsistencies between the specified policy and the firewall rule set.
Keywords :
authorisation; constraint theory; formal logic; access control policy; constraint satisfaction problem; firewall configuration; firewall rule set diagnosis; first order logic model; model specification; security policy; Access control; Computer languages; Computer security; Fault detection; Fault diagnosis; Internet; Logic; Natural languages; Network topology; Specification languages;
Conference_Title :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.63