Using argumentation logic for firewall policy specification and analysis
AuthorBandara, A. K.
Kakas, Antonis C.
Lupu, E. C.
Source17th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2006
Google Scholar check
MetadataShow full item record
Firewalls are important perimeter security mechanisms that imple-ment an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency. © IFIP International Federation for Information Processing 2006.
Showing items related by title, author, creator and subject.
Doctoral ThesisOpen Access
Stavrou, Iouliani Ch. (Πανεπιστήμιο Κύπρου, Σχολή Θετικών και Εφαρμοσμένων Επιστημών / University of Cyprus, Faculty of Pure and Applied Sciences, 2014-03)Τα ασύρματα δίκτυα αισθητήρων έχουν αποκτήσει αξιοσημείωτο ερευνητικό ενδιαφέρον κατά τη διάρκεια των τελευταίων ετών. Τα ασύρματα δίκτυα αισθητήρων μπορούν να υποστηρίξουν τη λειτουργία υποδομών ζωτικής σημασίας, όπως ...
Mavronicolas, Marios; Lesta, Vicky Papadopoulou; Philippou, Anna; Spirakis, Paul G. (2008)Consider a network vulnerable to viral infection, where the security software can guarantee safety only to a limited part of it. We model this practical network scenario as a non-cooperative multi-player game on a graph, ...
Speaker identification for security systems using reinforcement-trained pRAM neural network architectures Clarkson, T. G.; Christodoulou, Chris C.; Guan, Y.; Gorse, D.; Romano-Critchley, D. A.; Taylor, J. G. (2001)Four probabilistic pRAM neural network architectures are presented to explain have the different pRAM network architectures perform a classification. In addition, it is shown where the difficulties lie in seperating different ...