Inconsistency Analysis of Time-Based Security Policy and Firewall Policy

Cited by: 2
Authors
Yin, Yi [1, 2]
Tateiwa, Yuichiro [3 ]
Wang, Yun [1 ]
Katayama, Yoshiaki [3 ]
Takahashi, Naohisa [3 ]
Affiliations
[1] Southeast Univ, Sch Comp Sci & Engn, Nanjing, Jiangsu, Peoples R China
[2] Nanjing Normal Univ, Sch Comp Sci & Technol, Nanjing, Jiangsu, Peoples R China
[3] Nagoya Inst Technol, Grad Sch Engn, Dept Comp Sci & Engn, Nagoya, Aichi, Japan
Funding
National Natural Science Foundation of China;
Keywords
Security policy; Firewall policy; Time-based rules; Satisfiability modulo theories;
DOI
10.1007/978-3-319-68690-5_27
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Packet filtering in a firewall either accepts or denies packets based upon a set of predefined rules called a firewall policy. In recent years, time-based firewall policies have been widely used in many firewalls such as CISCO ACLs. A firewall policy is always designed under the instruction of a security policy, which is a generic document that outlines the needs for network access permissions. It is difficult to maintain the consistency of a normal firewall policy and security policy, not to mention a time-based firewall policy and security policy. Even though there are many analysis methods for security policy and firewall policy, they cannot deal with time constraints. To resolve this problem, we first represent time-based security policy and firewall policy as logical formulas, and then use the satisfiability modulo theories (SMT) solver Z3 to verify them and analyze inconsistency. We have implemented a prototype system to verify our proposed method, and experimental results showed its effectiveness.
Pages: 447 / 463
Number of pages: 17
Related papers
50 in total
  • [1] An Inconsistency Detection Method for Security Policy and Firewall Policy Based on CSP Solver
    Yin, Yi
    Tateiwa, Yuichiro
    Wang, Yun
    Katayama, Yoshiaki
    Takahashi, Naohisa
    CLOUD COMPUTING AND SECURITY, PT II, 2017, 10603 : 147 - 161
  • [2] A Conflict Detection Method for IPv6 Time-Based Firewall Policy
    Zhang, Xue
    Yin, Yi
    Liu, Wei
    Peng, Zhizhen
    Zhang, Guoqiang
    Wang, Yun
    Tateiwa, Yuichiro
    Takahashi, Naohisa
    2019 IEEE INTL CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, BIG DATA & CLOUD COMPUTING, SUSTAINABLE COMPUTING & COMMUNICATIONS, SOCIAL COMPUTING & NETWORKING (ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM 2019), 2019, : 435 - 442
  • [3] IPsec/Firewall Security Policy Analysis : A Survey
    Khelf, Roumaissa
    Ghoualmi-Zine, Nacira
    2018 INTERNATIONAL CONFERENCE ON SIGNAL, IMAGE, VISION AND THEIR APPLICATIONS (SIVA), 2018,
  • [4] Improving security in SCADA systems through firewall policy analysis
    Rysavy, Ondrej
    Rab, Jaroslav
    Sveda, Miroslav
    2013 FEDERATED CONFERENCE ON COMPUTER SCIENCE AND INFORMATION SYSTEMS (FEDCSIS), 2013, : 1435 - 1440
  • [5] Modeling and analysis of nested time-based software rejuvenation policy
    You, Jing
    Xu, Jian
    Zhao, Xue-Long
    Liu, Feng-Yu
    Xitong Fangzhen Xuebao / Journal of System Simulation, 2006, 18 (04): : 904 - 908
  • [6] The Time Inconsistency of Delegation-Based Time Inconsistency Solutions in Monetary Policy
    Bilbiie, Florin O.
    JOURNAL OF OPTIMIZATION THEORY AND APPLICATIONS, 2011, 150 (03) : 657 - 674
  • [7] The Time Inconsistency of Delegation-Based Time Inconsistency Solutions in Monetary Policy
    Florin O. Bilbiie
    Journal of Optimization Theory and Applications, 2011, 150 : 657 - 674
  • [8] A Novel Validation Method for Firewall Security Policy
    Abbassi, Ryma
    El Fatmi, Sihem Guemara
    JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2009, 4 (04): : 329 - 337
  • [9] PolicyVis: Firewall security policy visualization and inspection
    Tran, Tung
    Al-Shaer, Ehab
    Boutaba, Raouf
    USENIX ASSOCIATION PROCEEDING OF THE 21ST LARGE INSTALLATION SYSTEMS ADMINISTRATION CONFERENCE, 2007, : 1 - 16
  • [10] An Analysis on the Inconsistency of the Security Supervision Policy in the Method of Game Theory
    WANG Xing-yu 1
    Administrative College
    2.College of Mathematics and Information Science
    数学季刊, 2003, (01) : 93 - 98