An Inconsistency Detection Method for Security Policy and Firewall Policy Based on CSP Solver

Cited by: 1
Authors
Yin, Yi [1 ,2 ]
Tateiwa, Yuichiro [3 ]
Wang, Yun [1 ]
Katayama, Yoshiaki [3 ]
Takahashi, Naohisa [3 ]
Affiliations
[1] Southeast Univ, Sch Comp Sci & Engn, Nanjing, Jiangsu, Peoples R China
[2] Nanjing Normal Univ, Sch Comp Sci & Technol, Nanjing, Jiangsu, Peoples R China
[3] Nagoya Inst Technol, Grad Sch Engn, Dept Comp Sci & Engn, Nagoya, Aichi, Japan
Source
Funding
National Natural Science Foundation of China;
Keywords
Security policy; Firewall policy; CSP problem;
DOI
10.1007/978-3-319-68542-7_13
CLC (Chinese Library Classification) number
TP [Automation technology, computer technology];
Subject classification code
0812;
Abstract
Packet filtering in a firewall either accepts or denies network packets based on a set of pre-defined rules called the firewall policy. A firewall policy is always designed under the guidance of a security policy, which is a generic document that outlines the requirements for network access permissions. The design of the firewall policy should therefore be consistent with the security policy. If the firewall policy is not consistent with the security policy, the firewall policy may violate the intentions of the security policy, which can result in critical security vulnerabilities. This paper extends our previous method, which represented the security policy and the firewall policy as a Constraint Satisfaction Problem (CSP) and used the CSP solver Sugar only to verify whether they are consistent. In this paper, we propose a method to detect and resolve inconsistencies between the firewall policy and the security policy. We have implemented a prototype system to verify the proposed method; experimental results show its effectiveness.
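The abstract describes the core check: encode both policies over the packet fields, then ask a solver for a packet on which the firewall decision differs from the security-policy decision. The following is an added example, not the paper's code or its Sugar encoding. Instead of a CSP solver it runs an exact search over elementary intervals (every rule boundary of every field), which is the same finite abstraction one would hand to a solver; all rule names, addresses, ports and the resolution hints are constructed for the example.

```python
# Added example (not the paper's code): search for a witness packet on which a
# firewall policy and a security policy disagree, then derive resolution hints.
# An exact search over elementary intervals stands in for the CSP solver Sugar.
from dataclasses import dataclass
from itertools import product
import ipaddress

FIELDS = ("src", "dst", "proto", "dport")
DOMAINS = ((0, 2**32 - 1), (0, 2**32 - 1), (0, 255), (0, 65535))
ANY_IP, TCP, UDP = DOMAINS[0], (6, 6), (17, 17)

def cidr(text):
    """Inclusive integer range of an IPv4 CIDR block or host address."""
    net = ipaddress.ip_network(text, strict=False)
    return int(net.network_address), int(net.broadcast_address)

@dataclass(frozen=True)
class Rule:
    name: str
    src: tuple      # inclusive (lo, hi) integer range, one per packet field
    dst: tuple
    proto: tuple
    dport: tuple
    action: str     # "accept" or "deny"

    def matches(self, pkt):
        ranges = (getattr(self, f) for f in FIELDS)
        return all(lo <= v <= hi for (lo, hi), v in zip(ranges, pkt))

def decide(policy, pkt, default="deny"):
    """First-match semantics; returns (action, name of the deciding rule)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "default"

def elementary_points(ranges, domain):
    """One representative per elementary interval of a field: the domain start, every
    range start, and every range end + 1 still inside the domain. All values between
    two consecutive points match exactly the same rules, so one probe per cell is exact."""
    points = {domain[0]}
    for lo, hi in ranges:
        points.add(lo)
        if hi + 1 <= domain[1]:
            points.add(hi + 1)
    return sorted(points)

def find_inconsistencies(security, firewall):
    """Every elementary packet on which the two policies decide differently."""
    rules = security + firewall
    fields = [elementary_points([getattr(r, f) for r in rules], dom)
              for f, dom in zip(FIELDS, DOMAINS)]
    findings = []
    for pkt in product(*fields):          # the constraint search, exhaustive here
        expected, srule = decide(security, pkt)
        actual, frule = decide(firewall, pkt)
        if expected != actual:
            findings.append({"packet": pkt, "expected": expected, "actual": actual,
                             "security_rule": srule, "firewall_rule": frule})
    return findings

def suggest_fixes(findings):
    """One resolution hint per (expected, actual, rule pair) class of witnesses."""
    hints = {}
    for f in findings:
        key = (f["expected"], f["actual"], f["security_rule"], f["firewall_rule"])
        if f["expected"] == "accept":
            hints[key] = (f"firewall denies traffic that security rule "
                          f"'{f['security_rule']}' permits: add a matching accept rule")
        else:
            hints[key] = (f"firewall rule '{f['firewall_rule']}' accepts traffic the "
                          f"security policy denies: narrow it to the permitted scope")
    return list(hints.values())

LAN, WEB, DNS = cidr("10.0.0.0/24"), cidr("192.0.2.10/32"), cidr("192.0.2.53/32")

# Constructed security policy: the LAN may reach the web server on TCP 80/443 and
# the resolver on UDP 53; everything else is denied (default deny).
SECURITY = [Rule("lan-web", LAN, WEB, TCP, (80, 80), "accept"),
            Rule("lan-web-tls", LAN, WEB, TCP, (443, 443), "accept"),
            Rule("lan-dns", LAN, DNS, UDP, (53, 53), "accept")]

# Constructed firewall with two defects: 'fw-tls' admits any source address, and
# the DNS permission was never implemented.
FIREWALL = [Rule("fw-web", LAN, WEB, TCP, (80, 80), "accept"),
            Rule("fw-tls", ANY_IP, WEB, TCP, (443, 443), "accept")]

# The same firewall after applying the resolution hints.
FIREWALL_FIXED = [Rule("fw-web", LAN, WEB, TCP, (80, 80), "accept"),
                  Rule("fw-tls", LAN, WEB, TCP, (443, 443), "accept"),
                  Rule("fw-dns", LAN, DNS, UDP, (53, 53), "accept")]

if __name__ == "__main__":
    witnesses = find_inconsistencies(SECURITY, FIREWALL)
    print(*witnesses, *suggest_fixes(witnesses), sep="\n")
    print("fixed firewall consistent:", not find_inconsistencies(SECURITY, FIREWALL_FIXED))
```

Run as-is it reports three witness packets (two for the over-permissive `fw-tls` rule, one for the missing DNS permission), two resolution hints, and confirms that `FIREWALL_FIXED` has no remaining inconsistency. The product over elementary points grows with the number of distinct boundaries in every field, which is exactly why the paper delegates the search to a CSP solver; the abstraction shown here is what such an encoding has to preserve.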
Pages: 147 / 161
Page count: 15