• DocumentCode
    2741430
  • Title

    Using argumentation logic for firewall configuration management

  • Author

    Bandara, Arosha K. ; Kakas, Antonis C. ; Lupu, Emil C. ; Russo, Alessandra

  • Author_Institution
    Dept. of Comput., Open Univ., Milton Keynes, UK
  • fYear
    2009
  • fDate
    1-5 June 2009
  • Firstpage
    180
  • Lastpage
    187
  • Abstract
    Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (ap 150 rules).
  • Keywords
    authorisation; formal logic; software maintenance; corporate networks; firewall configuration management; firewall policy analysis; formal argumentation logic; preference reasoning; security protection; Communication system traffic control; Computer network management; Computer networks; Educational institutions; Error correction; Intrusion detection; Logic; Protection; Security; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Integrated Network Management, 2009. IM '09. IFIP/IEEE International Symposium on
  • Conference_Location
    Long Island, NY
  • Print_ISBN
    978-1-4244-3486-2
  • Electronic_ISBN
    978-1-4244-3487-9
  • Type

    conf

  • DOI
    10.1109/INM.2009.5188808
  • Filename
    5188808