Dinesha Ranathunga, M. Roughan, Phil Kernick, Nickolas J. G. Falkner
Title: Malachite: Firewall policy comparison
Venue: 2016 IEEE Symposium on Computers and Communication (ISCC)
Published: 2016-06-27
DOI: 10.1109/ISCC.2016.7543759 (https://doi.org/10.1109/ISCC.2016.7543759)
Citations: 10
Abstract
Firewalls are a crucial element of any modern-day business; they protect data and resources in a communications network from unauthorised access. In particular domains, such as SCADA networks, there are guidelines for firewall configuration, but currently there are no automated means to test compliance. Our research tackles this from first principles: we ask how firewall policies can be described at a high level, independent of firewall vendor and network minutiae. The semantic foundations we propose allow us to compare network-wide firewall policies and check whether they are equivalent, or whether one is contained in the other in meaningful ways. These foundations also enable policy change-impact analysis and help identify functional discrepancies between multiple policy designs from users in distinct policy sub-domains (e.g., SCADA engineers, corporate admins).
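The abstract describes comparing policies by their semantics rather than their rule text: two policies are equivalent when they accept the same traffic, one is contained in another when everything it accepts is also accepted by the other, and change impact is the difference between the two accepted sets. The following is an added example written for this page, not the Malachite tool or the paper's own implementation. It assumes a small, discrete packet space (hypothetical zone names and a handful of ports, constructed here) so that a first-match policy's accepted set can be enumerated exhaustively and the three comparisons become plain set operations. The sample policies, their rule fields and the `Rule` class are all assumptions made for the illustration.

```python
"""Semantic comparison of first-match firewall policies (illustrative code)."""
from dataclasses import dataclass
from itertools import product
from typing import Dict, FrozenSet, List, Tuple, Union

# Hypothetical packet space, constructed for this example. Real tools would
# use symbolic ranges rather than enumeration; here enumeration keeps the
# semantics transparent: 3 * 3 * 2 * 4 = 72 distinct packets.
ZONES = ("corp", "dmz", "scada")
PROTOS = ("tcp", "udp")
PORTS = (22, 80, 443, 502)       # 502 = Modbus/TCP, typical on SCADA networks
ANY = "*"

Packet = Tuple[str, str, str, int]   # (src_zone, dst_zone, proto, dst_port)


@dataclass(frozen=True)
class Rule:
    """One vendor-neutral rule; fields are literal values or ANY."""
    src: str
    dst: str
    proto: str
    port: Union[int, str]
    action: str                      # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        fields = (self.src, self.dst, self.proto, self.port)
        return all(f == ANY or f == v for f, v in zip(fields, pkt))


def packet_space():
    return product(ZONES, ZONES, PROTOS, PORTS)


def semantics(rules: List[Rule], default: str = "deny") -> FrozenSet[Packet]:
    """The policy's meaning: the set of packets it allows under first-match."""
    allowed = set()
    for pkt in packet_space():
        action = default
        for rule in rules:               # first matching rule decides
            if rule.matches(pkt):
                action = rule.action
                break
        if action == "allow":
            allowed.add(pkt)
    return frozenset(allowed)


def equivalent(a: List[Rule], b: List[Rule]) -> bool:
    return semantics(a) == semantics(b)


def contained_in(a: List[Rule], b: List[Rule]) -> bool:
    """True when every packet a allows is also allowed by b."""
    return semantics(a) <= semantics(b)


def change_impact(old: List[Rule], new: List[Rule]) -> Dict[str, FrozenSet[Packet]]:
    """What a proposed policy change would newly allow or newly deny."""
    s_old, s_new = semantics(old), semantics(new)
    return {"newly_allowed": s_new - s_old, "newly_denied": s_old - s_new}


# Constructed sample policies (hypothetical). A is the SCADA engineer's
# intent: only corp may reach scada, and only on Modbus/TCP.
POLICY_A = [
    Rule("corp", "scada", "tcp", 502, "allow"),
    Rule(ANY, "scada", ANY, ANY, "deny"),
]
# B has the same two rules in the other order; the deny now shadows the
# allow, so the rule sets look alike but the semantics differ.
POLICY_B_SHADOWED = list(reversed(POLICY_A))
# C is a corporate admin's variant that also lets the DMZ reach Modbus/TCP.
POLICY_C = [Rule("dmz", "scada", "tcp", 502, "allow")] + POLICY_A


if __name__ == "__main__":
    print("A == B ?", equivalent(POLICY_A, POLICY_B_SHADOWED))
    print("A in C ?", contained_in(POLICY_A, POLICY_C))
    print("impact A -> C:", change_impact(POLICY_A, POLICY_C))
```

The point the comparison makes is that `POLICY_A` and `POLICY_B_SHADOWED` contain identical rules yet are not equivalent, which a text diff would miss, while `change_impact` reports the single packet class that the corporate admin's design opens beyond the SCADA engineer's intent. Replacing the enumerated packet space with interval or BDD representations is what makes this scale to real address and port ranges.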