An Inconsistency Detection Method for Security Policy and Firewall Policy Based on CSP Solver

Cited by: 1
Authors
Yin, Yi [1 ,2 ]
Tateiwa, Yuichiro [3 ]
Wang, Yun [1 ]
Katayama, Yoshiaki [3 ]
Takahashi, Naohisa [3 ]
Affiliations
[1] Southeast Univ, Sch Comp Sci & Engn, Nanjing, Jiangsu, Peoples R China
[2] Nanjing Normal Univ, Sch Comp Sci & Technol, Nanjing, Jiangsu, Peoples R China
[3] Nagoya Inst Technol, Grad Sch Engn, Dept Comp Sci & Engn, Nagoya, Aichi, Japan
Source
Funding
National Natural Science Foundation of China;
Keywords
Security policy; Firewall policy; CSP problem;
DOI
10.1007/978-3-319-68542-7_13
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
Packet filtering in a firewall either accepts or denies network packets based on a set of pre-defined rules called the firewall policy. A firewall policy is always designed under the guidance of a security policy, which is a generic document that outlines the requirements for network access permissions. The design of the firewall policy should be consistent with the security policy. If the firewall policy is not consistent with the security policy, it may violate the intentions of the security policy, which can result in critical security vulnerabilities. This paper extends our previous method, which represented the security policy and the firewall policy as a Constraint Satisfaction Problem (CSP) and used the CSP solver Sugar only to verify whether they are consistent. In this paper, we propose a method to detect and resolve inconsistencies between a firewall policy and a security policy. We have implemented a prototype system to verify the proposed method; experimental results show its effectiveness.
Pages: 147 / 161
Page count: 15