Proceedings of the 12th ACM Symposium on Access Control Models and Technologies 2007
DOI: 10.1145/1266840.1266871
|View full text |Cite
|
Sign up to set email alerts
|

Specifications of a high-level conflict-free firewall policy language for multi-domain networks

Abstract: Multiple firewalls typically cooperate to provide security properties for a network, despite the fact that these firewalls are often spatially distributed and configured in isolation. Without a global view of the network configuration, such a system is ripe for misconfiguration, causing conflicts and major security vulnerabilities.We propose FLIP, a high-level firewall configuration policy language for traffic access control, to enforce security and ensure seamless configuration management. In FLIP, firewall s… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
41
0
3

Year Published

2009
2009
2020
2020

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 59 publications
(44 citation statements)
references
References 7 publications
0
41
0
3
Order By: Relevance
“…The synthetic firewall policy (FPB) ranges in size from 100 to 1000. In this paper, like other firewall management techniques [3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22], we did not consider the stateful filters for experimental evaluation. The treatment of conflict detection in stateful firewalls is a topic for future work.…”
Section: Geometrymentioning
confidence: 99%
See 1 more Smart Citation
“…The synthetic firewall policy (FPB) ranges in size from 100 to 1000. In this paper, like other firewall management techniques [3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22], we did not consider the stateful filters for experimental evaluation. The treatment of conflict detection in stateful firewalls is a topic for future work.…”
Section: Geometrymentioning
confidence: 99%
“…Various techniques have been developed to manage firewall policies [3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22]. Among these are firewall analysis tools [4,5] and techniques that focus on minimizing the firewall rules [6].…”
Section: Introductionmentioning
confidence: 99%
“…The rule sets in firewalls can become large when there is a combination of complex user requirements, diverse networked applications and need to combat increasingly sophisticated network based attacks [3]. A large rule set can have a detrimental effect on the performance of the firewall or require more expensive hardware that can cope with the large number of packet matches [4].…”
Section: Background/problemmentioning
confidence: 99%
“…FLIP [32] is a recently proposed firewall language which can also compile into several low-level ones. Their authors claim that ACLs expressed in FLIP are consistent.…”
Section: Rule Set Designmentioning
confidence: 99%