DocumentCode
2741430
Title
Using argumentation logic for firewall configuration management
Author
Bandara, Arosha K. ; Kakas, Antonis C. ; Lupu, Emil C. ; Russo, Alessandra
Author_Institution
Dept. of Comput., Open Univ., Milton Keynes, UK
fYear
2009
fDate
1-5 June 2009
Firstpage
180
Lastpage
187
Abstract
Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (ap 150 rules).
Keywords
authorisation; formal logic; software maintenance; corporate networks; firewall configuration management; firewall policy analysis; formal argumentation logic; preference reasoning; security protection; Communication system traffic control; Computer network management; Computer networks; Educational institutions; Error correction; Intrusion detection; Logic; Protection; Security; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Integrated Network Management, 2009. IM '09. IFIP/IEEE International Symposium on
Conference_Location
Long Island, NY
Print_ISBN
978-1-4244-3486-2
Electronic_ISBN
978-1-4244-3487-9
Type
conf
DOI
10.1109/INM.2009.5188808
Filename
5188808
Link To Document