Verification of Distributed Firewalls Configuration vs. Security Policies Using ALCQI(d)
Tarbiat Modares University, Iran. ORCID iD: 0000-0002-0377-5595
Tarbiat Modares University, Iran.
2009 (English) In: Applied Artificial Intelligence, ISSN 0883-9514, E-ISSN 1087-6545, Vol. 23, no 10, 945-975 p. Article in journal (Refereed) Published
Abstract [en]

Packet filtering firewalls have an important role in providing security in IP networks which control the traversal of packets across the boundaries of a secured network based on a specific security policy. Manual configuring of packet filtering firewalls can be extremely complex and error-prone. Therefore, it can be performed in an improper way which is not in conformance with security policies. So, we need an approach to analyze the configuration of whole packet-filtering firewalls in the network in order to discover all policy violations. In this article, we introduce an approach based on description logics to verify the configuration of all the firewalls in a network universally vs. security policies. Using this approach, system managers can express and analyze security policies with a formal and simple language. This high-level language is extensible and topology-independent. In this approach, we first automatically transform high-level security policies into low-level policies, i.e., filtering rules. Then we develop an algorithm to discover policy violations which takes configuration of the firewalls, network topology, routing information, and low-level security policies as input and determines existing policy violations as output.

Place, publisher, year, edition, pages
Taylor & Francis, 2009. Vol. 23, no 10, 945-975 p.
National Category
Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-42244
DOI: 10.1080/08839510903208088
OAI: oai:DiVA.org:lnu-42244
DiVA: diva2:803847
Available from: 2015-04-13 Created: 2015-04-13 Last updated: 2015-04-14 Bibliographically approved

By author/editor
Khakpour, Narges