Formal Approach for Firewall Security Policy
[Abstract]
Packet filters play a very important role between public networks and private
networks. Their function is realized through security policies, which consist
of information such as protocol, IP address and port, configured by the
administrator. However, the number of security policy rules is extremely large,
so errors occur easily. For example, policy rules may conflict with each other
or be useless. As a result, a formal approach is needed for analyzing and
managing complex security policies. We proposed a policy algebra model which
provides a formalism for different kinds of algebraic computation over rule
sets while preserving the security semantics. Additionally, we give a complete
and systematic classification of policy anomalies and their resolution.
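The two error classes named in the abstract, conflicting rules and useless rules, can be found mechanically by comparing the packet sets that rules match. The Python below is an added example, not the policy algebra from the papers; it assumes an ordered, first-match rule list, and the `Rule` fields, function names and sample addresses are constructed for illustration.

```python
from ipaddress import ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str    # "accept" or "deny"
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (outer.proto in ("any", inner.proto)
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1])

def overlaps(a, b):
    """True if at least one packet is matched by both rules."""
    return ((a.proto == b.proto or "any" in (a.proto, b.proto))
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def find_anomalies(rules):
    """Pairwise check of an ordered, first-match rule list (assumed semantics)."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                # The later rule can never fire: an earlier rule takes its packets.
                found.append(("useless", i, j))
            elif (earlier.action != later.action and overlaps(earlier, later)
                  and not covers(later, earlier)):
                # Partial overlap with opposite actions; a narrow earlier rule
                # inside a broad later one is treated as an intended exception.
                found.append(("conflict", i, j))
    return found

# Constructed sample policy (documentation address ranges, not from the page).
POLICY = [
    Rule("accept", "tcp", "10.0.0.0/8",  "192.0.2.10/32", (80, 80)),
    Rule("deny",   "tcp", "10.1.0.0/16", "192.0.2.10/32", (80, 80)),
    Rule("deny",   "tcp", "10.0.0.0/16", "192.0.2.0/24",  (80, 443)),
    Rule("accept", "udp", "10.0.0.0/8",  "192.0.2.53/32", (53, 53)),
    Rule("deny",   "any", "0.0.0.0/0",   "0.0.0.0/0",     (0, 65535)),
]

if __name__ == "__main__":
    print(find_anomalies(POLICY))
```

The check is pairwise, so a rule that is covered only by the union of several earlier rules is not reported; catching that case requires computing over whole rule sets rather than rule pairs.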
[Papers]
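-
Yun Han, Yoshiaki Hori, Kouichi Sakurai,
"Design of a Firewall Policy Algebra Model",
2007 Joint Conference of Electrical and Electronics Engineers in Kyushu, Okinawa, Sept. 18-19, 2007.
-
Yun Han, Yoshiaki Hori, Kouichi Sakurai,
"Proposal of a Policy Algebra Model for Firewalls",
Computer Security Symposium 2007 (CSS2007), Nara, Oct. 29-31, 2007.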