Formal Approach for Firewall Security Policy

[Abstract]
Packet filters play a very important role between public networks and private networks. Their function is achieved through security policies, which consist of information such as protocol, IP address, port and so on, configured by the administrator. However, the number of security policy rules is extremely large, so errors occur easily. For example, policy rules may conflict with one another or be useless. As a result, a formal approach is needed for analyzing and managing complex security policies. We propose a policy algebra model that provides a formalism for different kinds of algebraic computation over rule sets while preserving the security semantics. Additionally, we give a complete and systematic classification of policy anomalies and their resolution.
[Papers]