Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
DOI: 10.1109/secpri.1999.766714
|View full text |Cite
|
Sign up to set email alerts
|

Firmato: a novel firewall management toolkit

Abstract: In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance, etc.) and wide-spread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entityrelationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a m… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
213
0
5

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 187 publications
(218 citation statements)
references
References 18 publications
0
213
0
5
Order By: Relevance
“…after modifications on the PIM to update the security policy of the network according to the new requirements). In that sense, some existing forward engineering efforts [18,4] that produce firewall configurations from high level representations can be reused.…”
Section: Application Scenariosmentioning
confidence: 99%
See 1 more Smart Citation
“…after modifications on the PIM to update the security policy of the network according to the new requirements). In that sense, some existing forward engineering efforts [18,4] that produce firewall configurations from high level representations can be reused.…”
Section: Application Scenariosmentioning
confidence: 99%
“…Although there exist approaches to derive firewall configurations from highlevel network policy specifications [18,4], these configuration files are still mostly manually written, using low-level and, often, vendor-specific rule filtering languages. Moreover, the network topology, that may include several firewalls (potentially from different vendors), may impose the necessity of splitting the enforcement of the global security policy among several elements.…”
Section: Introductionmentioning
confidence: 99%
“…In [14] the authors propose a high-level language, Firmato, which models ACLs as ERDs in order to automatically generate low-level firewall ACLs. However, the complexity of Firmato is similar to that of many low-level languages.…”
Section: Related Workmentioning
confidence: 99%
“…Many third-party domain specific languages (DSLs) have been proposed to abstract the network administrator from the underlying firewall platform details and language syntax [6,7,8,9,10,11]. A domain specific language provides more possibilities to network administrators, since it can raise the abstraction level of the problem domain using its own concepts.…”
Section: Introductionmentioning
confidence: 99%
“…The Firmato system [19] is a firewall management toolkit for large-scale networks. It provides a portable, unified policy language, independent of the firewall specifics.…”
Section: Related Workmentioning
confidence: 99%