Towards a Framework for Automatic Firewalls Configuration via Argumentation Reasoning

Cited by: 4
Authors
Karafili, Erisa [1]
Valenza, Fulvio [2]
Chen, Yichen [3]
Lupu, Emil C. [3]
Affiliations
[1] Univ Southampton, Southampton, Hants, England
[2] Politecn Torino, Turin, Italy
[3] Imperial Coll London, London, England
Source
NOMS 2020 - PROCEEDINGS OF THE 2020 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM 2020: MANAGEMENT IN THE AGE OF SOFTWARIZATION AND ARTIFICIAL INTELLIGENCE | 2020
Funding
Engineering and Physical Sciences Research Council (UK);
Keywords
Firewall; Security policy; Network security; Argumentation reasoning; CLASSIFICATION;
DOI
10.1109/noms47738.2020.9110399
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Firewalls have been widely used to protect not only small and local networks but also large enterprise networks. The configuration of firewalls is mainly done by network administrators, thus, it suffers from human errors. This paper aims to solve the network administrators' problem by introducing a formal approach that helps to configure centralized and distributed firewalls and automatically generate conflict-free firewall rules. We propose a novel framework, called ArgoFiCo, which is based on argumentation reasoning. Our framework automatically populates the firewalls of a network, given the network topology and the high-level requirements that represent how the network should behave. ArgoFiCo provides two strategies for firewall rules distribution.
Pages: 4
Related papers
20 in total
[1] Al-Shaer, E; Hamed, H; Boutaba, R; Hasan, M. Conflict classification and analysis of distributed firewall policies [J]. IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 2005, 23 (10): 2069-2084
[2] Arunkumar S, 2017, 2017 IEEE SMARTWORLD, UBIQUITOUS INTELLIGENCE & COMPUTING, ADVANCED & TRUSTED COMPUTED, SCALABLE COMPUTING & COMMUNICATIONS, CLOUD & BIG DATA COMPUTING, INTERNET OF PEOPLE AND SMART CITY INNOVATION (SMARTWORLD/SCALCOM/UIC/ATC/CBDCOM/IOP/SCI)
[3] Bandara, Arosha K.; Kakas, Antonis; Lupu, Emil C.; Russo, Alessandra. Using argumentation logic for firewall policy specification and analysis [J]. LARGE SCALE MANAGEMENT OF DISTRIBUTED SYSTEMS, PROCEEDINGS, 2006, 4269: 185-196
[4] Bartal, Y; Mayer, A; Nissim, K; Wool, A. Firmato: A novel firewall management toolkit [J]. ACM TRANSACTIONS ON COMPUTER SYSTEMS, 2004, 22 (04): 381-420
[5] Basile Cataldo, 2015, Risks and Security of Internet and Systems. 9th International Conference, CRiSIS 2014. Revised Selected Papers: LNCS 8924, P148, DOI 10.1007/978-3-319-17127-2_10
[6] Basile, Cataldo; Valenza, Fulvio; Lioy, Antonio; Lopez, Diego R.; Pastor Perales, Antonio. Adding Support for Automatic Enforcement of Security Policies in NFV Networks [J]. IEEE-ACM TRANSACTIONS ON NETWORKING, 2019, 27 (02): 707-720
[7] Basile, Cataldo; Canavese, Daniele; Lioy, Antonio; Pitscheider, Christian; Valenza, Fulvio. Inter-function anomaly analysis for correct SDN/NFV deployment [J]. INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, 2016, 26 (01): 25-43
[8] Cullen, Alan; Karafili, Erisa; Pilgrim, Alan; Williams, Chris; Lupu, Emil. Policy Support for Autonomous Swarms of Drones [J]. EMERGING TECHNOLOGIES FOR AUTHORIZATION AND AUTHENTICATION, ETAA 2018, 2018, 11263: 56-70
[9] Kakas A.C., 2003, P 2 INT JOINT C AUT, P883
[10] KAKAS AC, 1994, MIT PS LOG, P504