Arguing About Firewall Policy
نویسندگان
چکیده
In this paper, we present a new framework to analyze firewall policy by using argumentation. At the core of this new idea is extending firewall rules with the concept of “reasons” and arguing about the reasons, not the rules. Depending on how the reasons are designed, the resulting framework can be useful in a number of ways: new anomalies in a firewall policy can be identified while, at the same time, stronger recommendations can be given to resolve those anomalies that are detected.
منابع مشابه
Firewall Policy Query Language for Behavior Analysis
Firewalls are one of the most important devices used in network security today. Their primary goal is to provide protections between parties that only wish to communicate over an explicit set of channels, expressed through protocols. These channels are implemented and described in a firewall using a set of rules, collectively referred to as a firewall policy. However, understanding the policy t...
متن کاملFirewall Policy Diagram: Structures for Firewall Behavior Comprehension
Communication security and regulatory compliance have made the firewall a vital element for networked computers. They provide the protections between parties that only wish to communicate over an explicit set of channels, expressed through protocols, traveling over a network. These explicit set of channels are described and implemented in a firewall using a set of rules. The firewall implements...
متن کاملFirewall Management for to Resolve the Policy Anomalies
Firewall is a security system for network, that controls the network traffic based on firewall rules. Firewall depends on the policy configuration, but managing that firewall policy is complex. Existing policy analysis tools, such as Firewall Policy Advisor and FIREMAN, they can only detect the policy anomaly cannot resolve these anomalies, and detection time was also increased. Therefore, I re...
متن کاملAn Operational Semantics of the Java Card Firewall
This paper presents an operational semantics for a subset of Java Card bytecode, focussing on aspects of the Java Card firewall, method invocation, field access, variable access, shareable objects and contexts. The goal is to provide a precise description of the Java Card firewall using standard tools from operational semantics. Such a description is necessary for formally arguing the correctne...
متن کاملFirewall policy verification and troubleshooting
Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). However, due to the lack of tools for verifying and troubleshooting firewall policies, most firewalls on the Internet have policy errors. A fir...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012