dc.contributor.author | Bandara, A. K. | en |
dc.contributor.author | Kakas, Antonis C. | en |
dc.contributor.author | Lupu, E. C. | en |
dc.contributor.author | Russo, A. | en |
dc.contributor.editor | van der Meer S. | en |
dc.contributor.editor | Pfeifer T. | en |
dc.contributor.editor | State R. | en |
dc.contributor.editor | O'Sullivan D. | en |
dc.creator | Bandara, A. K. | en |
dc.creator | Kakas, Antonis C. | en |
dc.creator | Lupu, E. C. | en |
dc.creator | Russo, A. | en |
dc.date.accessioned | 2019-11-13T10:38:24Z | |
dc.date.available | 2019-11-13T10:38:24Z | |
dc.date.issued | 2006 | |
dc.identifier.issn | 0302-9743 | |
dc.identifier.uri | http://gnosis.library.ucy.ac.cy/handle/7/53608 | |
dc.description.abstract | Firewalls are important perimeter security mechanisms that imple-ment an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency. © IFIP International Federation for Information Processing 2006. | en |
dc.source | 17th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management, DSOM 2006 | en |
dc.source.uri | https://www.scopus.com/inward/record.uri?eid=2-s2.0-33845242072&partnerID=40&md5=ef64ca505e55f48016a9dd6a906afa1e | |
dc.subject | Specifications | en |
dc.subject | Information technology | en |
dc.subject | Network protocols | en |
dc.subject | Network security | en |
dc.subject | Mobile security | en |
dc.subject | Computer viruses | en |
dc.subject | Security requirements | en |
dc.subject | Security of data | en |
dc.subject | Information management | en |
dc.subject | Formal logic | en |
dc.subject | Computer system firewalls | en |
dc.subject | Perimeter security | en |
dc.subject | Preference reasoning | en |
dc.subject | Argumentation reasoning | en |
dc.subject | Automatically generated | en |
dc.subject | Configuration rules | en |
dc.subject | Firewall configuration rules | en |
dc.subject | Network abstractions | en |
dc.subject | Network administrator | en |
dc.subject | Network administrators | en |
dc.subject | Reasoning framework | en |
dc.title | Using argumentation logic for firewall policy specification and analysis | en |
dc.type | info:eu-repo/semantics/article | |
dc.description.volume | 4269 LNCS | en |
dc.description.startingpage | 185 | |
dc.description.endingpage | 196 | |
dc.author.faculty | 002 Σχολή Θετικών και Εφαρμοσμένων Επιστημών / Faculty of Pure and Applied Sciences | |
dc.author.department | Τμήμα Πληροφορικής / Department of Computer Science | |
dc.type.uhtype | Article | en |
dc.description.notes | <p>Sponsors: | en |
dc.description.notes | Conference code: 117959 | en |
dc.description.notes | Cited By :24</p> | en |
dc.source.abbreviation | Lect. Notes Comput. Sci. | en |
dc.contributor.orcid | Kakas, Antonis C. [0000-0001-6773-3944] | |
dc.gnosis.orcid | 0000-0001-6773-3944 | |