Sciweavers

IFIP
2004
Springer

A Formal Approach to Specify and Deploy a Network Security Policy

Current firewall configuration languages have no well-founded semantics. Each firewall implements its own algorithm that parses specific proprietary languages. The main consequence is that network access control policies are difficult to manage and most firewalls are actually wrongly configured. In this paper, we present an access control language based on XML syntax whose semantics is interpreted in the access control model Or-BAC (Organization Based Access Control). We show how to use this language to specify high-level network access control policies and then to automatically derive concrete access control rules to configure specific firewalls through a translation process. Our approach provides clear semantics to network security policy specification, makes management of such policy easier for the administrator and guarantees portability between firewalls.
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Where IFIP
Authors Frédéric Cuppens, Nora Cuppens-Boulahia, Thierry Sans, Alexandre Miège