AFPL, an Abstract Language Model for Firewall ACLs

  • Conference paper
Computational Science and Its Applications – ICCSA 2008 (ICCSA 2008)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5073))

Abstract

Design and management of firewall rule sets is difficult and error prone, mainly because translating access control requirements into low-level languages is difficult. Abstract languages have been proposed, but none has been adopted by industry. We think that the main reason is that their complexity is close to that of many of the existing low-level languages. Complexity is defined here as the difficulty of expressing knowledge about the reality being modeled (the access control requirements). In this paper, we analyze the most widely used firewall languages and the different possibilities for abstraction. Based on this analysis, a model for firewall languages is proposed, together with a new, simple yet expressive and powerful abstract firewall language, the Abstract Firewall Policy Language (AFPL). AFPL can then be translated into existing low-level firewall languages, or be directly interpreted by firewall platforms. We expect that AFPL can fill the gap between requirements and low-level firewall languages.

Editor information

Osvaldo Gervasi, Beniamino Murgante, Antonio Laganà, David Taniar, Youngsong Mun, Marina L. Gavrilova

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pozo, S., Ceballos, R., Gasca, R.M. (2008). AFPL, an Abstract Language Model for Firewall ACLs. In: Gervasi, O., Murgante, B., Laganà, A., Taniar, D., Mun, Y., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2008. ICCSA 2008. Lecture Notes in Computer Science, vol 5073. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69848-7_39

  • DOI: https://doi.org/10.1007/978-3-540-69848-7_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69840-1

  • Online ISBN: 978-3-540-69848-7

  • eBook Packages: Computer Science, Computer Science (R0)
