使用论证逻辑进行防火墙配置管理

2009 IFIP/IEEE International Symposium on Integrated Network Management Pub Date : 2009-06-01 DOI:10.1109/INM.2009.5188808

A. Bandara, A. Kakas, Emil C. Lupu, A. Russo

{"title":"使用论证逻辑进行防火墙配置管理","authors":"A. Bandara, A. Kakas, Emil C. Lupu, A. Russo","doi":"10.1109/INM.2009.5188808","DOIUrl":null,"url":null,"abstract":"Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (≈ 150 rules).","PeriodicalId":332206,"journal":{"name":"2009 IFIP/IEEE International Symposium on Integrated Network Management","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"49","resultStr":"{\"title\":\"Using argumentation logic for firewall configuration management\",\"authors\":\"A. Bandara, A. Kakas, Emil C. Lupu, A. Russo\",\"doi\":\"10.1109/INM.2009.5188808\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (≈ 150 rules).\",\"PeriodicalId\":332206,\"journal\":{\"name\":\"2009 IFIP/IEEE International Symposium on Integrated Network Management\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"49\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 IFIP/IEEE International Symposium on Integrated Network Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INM.2009.5188808\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 IFIP/IEEE International Symposium on Integrated Network Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INM.2009.5188808","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 49

摘要

防火墙仍然是企业网络的主要外围安全保护。然而，网络的规模和复杂性使得防火墙的配置和维护非常困难。需要工具来分析防火墙配置中的错误，验证它们是否正确地实现了安全需求，并从更高级别的需求生成配置。在本文中，我们扩展了之前在防火墙策略分析中使用形式论证和偏好推理的工作，并开发了从更高级别需求自动生成防火墙策略的方法。这允许在同一框架内进行分析和生成，从而适应创建和维护防火墙配置的各种场景。我们通过将其应用于文献中的示例和中等大小(≈150条规则)的实际防火墙配置来验证我们的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Using argumentation logic for firewall configuration management

Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyse firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper we extend our previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements. This permits both analysis and generation to be done within the same framework, thus accommodating a wide variety of scenarios for authoring and maintaining firewall configurations. We validate our approach by applying it to both examples from the literature and real firewall configurations of moderate size (≈ 150 rules).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 IFIP/IEEE International Symposium on Integrated Network Management

自引率

0.00%

发文量

期刊最新文献

Policy-based self-management of wireless ad hoc networks A latency-aware algorithm for dynamic service placement in large-scale overlays A rule-based distributed system for self-optimization of constrained devices An efficient spectrum management mechanism for cognitive radio networks CHANGEMINER: A solution for discovering IT change templates from past execution traces