By Topic

Systematic Deployment of Network Security Policy in Centralized and Distributed Firewalls

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Nihel Ben Souayeh Ben Youssef ; Higher Sch. of Commun. of Tunis (Sup'Com), Univ. of Carthage, Tunis, Tunisia ; Adel Bouhoula

Firewalls are the most widely adopted technology for protecting private networks. However, most firewalls in Internet have been plagued with policy errors. An important source of errors stem from the lack of automatic tools ensuring a correct deployment of a network security policy expressed in a high level language, into firewall configurations. In this paper, we propose a formal and automatic method for deploying a security policy, written in an expressive language into both centralized and distributed firewall configurations. Further-more, our method verifies that no in coherences exist within the security policy. When inconsistencies are detected, the usual feedback returned permits us to propose a discrepancy resolution approach. Moreover, we propose an approach for optimizing the security policy. The correctness of our method is proved. Finally, it has been implemented in a prototype. The first results are very promising.

Published in:

Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on

Date of Conference:

9-11 Oct. 2011