Using argumentation logic for firewall policy specification and analysis
Date
2006
ISSN
0302-9743
Source
17th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2006
Volume
4269 LNCS
Pages
185-196
Abstract
Firewalls are important perimeter security mechanisms that implement an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation-based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc.), security requirements can be specified in a declarative manner using high-level terms. Also, it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked, and that the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency. © IFIP International Federation for Information Processing 2006.