lnu.sePublications
Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Verification of Distributed Firewalls Configuration vs. Security Policies Using ALCQI(d)
Tarbiat Modares University, Iran.ORCID iD: 0000-0002-0377-5595
Tarbiat Modares University, Iran.
2009 (English)In: Applied Artificial Intelligence, ISSN 0883-9514, E-ISSN 1087-6545, Vol. 23, no 10, p. 945-975Article in journal (Refereed) Published
Abstract [en]

Packet filtering firewalls have an important role in providing security in IP networks which control the traversal of packets across the boundaries of a secured network based on a specific security policy. Manual configuring of packet filtering firewalls can be extremely complex and error-prone. Therefore, it can be performed in an improper way which is not in conformance with security policies. So, we need an approach to analyze the configuration of whole packet-filtering firewalls in the network in order to discover all policy violations. In this article, we introduce an approach based on description logics to verify the configuration of all the firewalls in a network universally vs. security policies. Using this approach, system managers can express and analyze security policies with a formal and simple language. This high-level language is extensible and topology-independent. In this approach, we first automatically transform high-level security policies into low-level policies, i.e., filtering rules. Then we develop an algorithm to discover policy violations which takes configuration of the firewalls, network topology, routing information, and low-level security policies as input and determines existing policy violations as output.

Place, publisher, year, edition, pages
Taylor & Francis, 2009. Vol. 23, no 10, p. 945-975
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:lnu:diva-42244DOI: 10.1080/08839510903208088OAI: oai:DiVA.org:lnu-42244DiVA, id: diva2:803847
Available from: 2015-04-13 Created: 2015-04-13 Last updated: 2018-01-11Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records

Khakpour, Narges

Search in DiVA

By author/editor
Khakpour, Narges
In the same journal
Applied Artificial Intelligence
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 85 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf