Inconsistency Analysis of Time-Based Security Policy and Firewall Policy

Cited by: 2
Authors
Yin, Yi [1 ,2 ]
Tateiwa, Yuichiro [3 ]
Wang, Yun [1 ]
Katayama, Yoshiaki [3 ]
Takahashi, Naohisa [3 ]
Affiliations
[1] Southeast Univ, Sch Comp Sci & Engn, Nanjing, Jiangsu, Peoples R China
[2] Nanjing Normal Univ, Sch Comp Sci & Technol, Nanjing, Jiangsu, Peoples R China
[3] Nagoya Inst Technol, Grad Sch Engn, Dept Comp Sci & Engn, Nagoya, Aichi, Japan
Funding
National Natural Science Foundation of China;
Keywords
Security policy; Firewall policy; Time-based rules; Satisfiability modulo theories;
DOI
10.1007/978-3-319-68690-5_27
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Packet filtering in a firewall either accepts or denies packets based upon a set of predefined rules called a firewall policy. In recent years, time-based firewall policies have been widely used in many firewalls such as CISCO ACLs. A firewall policy is always designed under the instruction of a security policy, which is a generic document that outlines the needs for network access permissions. It is difficult to maintain the consistency of a normal firewall policy and security policy, not to mention a time-based firewall policy and security policy. Even though there are many analysis methods for security policy and firewall policy, they cannot deal with time constraints. To resolve this problem, we first represent the time-based security policy and firewall policy as logical formulas, and then use the satisfiability modulo theories (SMT) solver Z3 to verify them and analyze inconsistency. We have implemented a prototype system to verify our proposed method; experimental results showed its effectiveness.
Pages: 447 / 463
Number of pages: 17
Related papers
50 in total
  • [21] A TIME-BASED DYNAMIC SYNCHRONIZATION POLICY FOR CONSOLIDATED DATABASE SYSTEMS
    Qu, Xinxue
    Jiang, Zhengrui
    MIS QUARTERLY, 2019, 43 (04) : 1041 - +
  • [22] Automatic Verification of Firewall Configuration with Respect to Security Policy Requirements
    Matsumoto, Soutaro
    Bouhoula, Adel
    PROCEEDINGS OF THE INTERNATIONAL WORKSHOP ON COMPUTATIONAL INTELLIGENCE IN SECURITY FOR INFORMATION SYSTEMS CISIS 2008, 2009, 53 : 123 - +
  • [23] A Firewall Policy Anomaly Detection Framework for Reliable Network Security
    Togay, Cengiz
    Kasif, Ahmet
    Catal, Cagatay
    Tekinerdogan, Bedir
    IEEE TRANSACTIONS ON RELIABILITY, 2022, 71 (01) : 339 - 347
  • [24] Optimal time-based consolidation policy with price sensitive demand
    Hong, Ki-sung
    Lee, Chulung
    INTERNATIONAL JOURNAL OF PRODUCTION ECONOMICS, 2013, 143 (02) : 275 - 284
  • [25] Modeling and Global Conflict Analysis of Firewall Policy
    Liang Xiaoyan
    Xia Chunhe
    Jiao Jian
    Hu Junshun
    Li Xiaojian
    CHINA COMMUNICATIONS, 2014, 11 (05) : 124 - 135
  • [26] Firewall Policy Queries
    Liu, Alex X.
    Gouda, Mohamed G.
    IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2009, 20 (06) : 766 - 777
  • [27] Firewall Policy Change-Impact Analysis
    Liu, Alex X.
    ACM TRANSACTIONS ON INTERNET TECHNOLOGY, 2012, 11 (04)
  • [28] A policy-based approach to firewall management
    Caldeira, F
    Monteiro, E
    NETWORK CONTROL AND ENGINEERING FOR QOS, SECURITY AND MOBILITY, 2003, 107 : 115 - 126
  • [29] Static Analysis of Routing and Firewall Policy Configurations
    Sveda, Miroslav
    Rysavy, Ondrej
    de Silva, Gayan
    Matousek, Petr
    Rab, Jaroslav
    E-BUSINESS AND TELECOMMUNICATIONS, 2012, 222 : 39 - 53
  • [30] Measuring the time inconsistency of US monetary policy
    Surico, Paolo
    ECONOMICA, 2008, 75 (297) : 22 - 38