Arguing About Firewall Policy

被引：7

作者：

Applebaum, Andy ^{[1
]}

Levitt, Karl ^{[1
]}

Rowe, Jeff ^{[1
]}

Parsons, Simon ^{[2
]}

机构：

[1] Univ Calif Davis, Dept Comp Sci, Davis, CA 95616 USA

[2] City Univ New York, Brooklyn Coll, Dept Comp & Info Sci, Brooklyn, NY USA

来源：

COMPUTATIONAL MODELS OF ARGUMENT | 2012年 / 245卷

基金：

美国国家科学基金会;

关键词：

Argumentation; value-based framework; firewall; anomaly; TOOLKIT; LOGIC;

D O I：

10.3233/978-1-61499-111-3-91

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

In this paper, we present a new framework to analyze firewall policy by using argumentation. At the core of this new idea is extending firewall rules with the concept of "reasons" and arguing about the reasons, not the rules. Depending on how the reasons are designed, the resulting framework can be useful in a number of ways: new anomalies in a firewall policy can be identified while, at the same time, stronger recommendations can be given to resolve those anomalies that are detected.

引用

页码：91 / +

页数：2

共 14 条

[1] Conflict classification and analysis of distributed firewall policies [J].

Al-Shaer, E ;

Hamed, H ;

Boutaba, R ;

Hasan, M .

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, 2005, 23 (10) :2069-2084

[2] Firewall policy advisor for anomaly discovery and rule editing [J].

Al-Shaer, ES ;

Hamed, HH .

INTEGRATED NETWORK MANAGEMENT VIII: MANAGING IT ALL, 2003, 118 :17-30

[3] Using argumentation logic for firewall policy specification and analysis [J].

Bandara, Arosha K. ;

Kakas, Antonis ;

Lupu, Emil C. ;

Russo, Alessandra .

LARGE SCALE MANAGEMENT OF DISTRIBUTED SYSTEMS, PROCEEDINGS, 2006, 4269 :185-196

[4] Using Argumentation Logic for Firewall Configuration Management [J].

Bandara, Arosha K. ;

Kakas, Antonis C. ;

Lupu, Emil C. ;

Russo, Alessandra .

2009 IFIP/IEEE INTERNATIONAL SYMPOSIUM ON INTEGRATED NETWORK MANAGEMENT (IM 2009) VOLS 1 AND 2, 2009, :180-+

[5] Firmato:: A novel firewall management toolkit [J].

Bartal, Y ;

Mayer, A ;

Nissim, K ;

Wool, A .

PROCEEDINGS OF THE 1999 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 1999, :17-31

[6] Persuasion in practical argument using value-based argumentation frameworks [J].

Bench-Capon, TJM .

JOURNAL OF LOGIC AND COMPUTATION, 2003, 13 (03) :429-448

[7]

Chomsiri T., 2006, P 2006 INT C SEC MAN

[8] ON THE ACCEPTABILITY OF ARGUMENTS AND ITS FUNDAMENTAL ROLE IN NONMONOTONIC REASONING, LOGIC PROGRAMMING AND N-PERSON GAMES [J].

DUNG, PM .

ARTIFICIAL INTELLIGENCE, 1995, 77 (02) :321-357

[9] Analysis of Firewall Policy Rules Using Data Mining Techniques [J].

Golnabi, Korosh ;

Min, Richard K. ;

Khan, Latifur ;

Al-Shaer, Ehab .

2006 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, VOLS 1 AND 2, 2006, :305-+

[10] Filtering postures: Local enforcement for global policies [J].

Guttman, JD .

1997 IEEE SYMPOSIUM ON SECURITY AND PRIVACY - PROCEEDINGS, 1997, :120-129

← 1 2 →