
Ontology-Based Tools for Automating Integration and Validation of Firewall Rules

Conference paper, Business Information Systems (BIS 2009)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 21)


Abstract

Firewalls are recognized as efficient instruments for deploying security in computer networks. They may, however, become useless when network administrators lack the skills and expertise needed to configure them properly. Nowadays, firewall rules are integrated into the broader scope of enterprise security management. Deriving correct and consistent firewall rules is therefore mandatory, and those rules need to be assimilated into the global security policy of the enterprise. In this paper we present tools for managing firewalls using ontologies and semantic-rich languages. With our approach, network managers can develop new firewall rules, automatically verify and validate their correctness and consistency, and integrate them with previously existing rules.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg


Cite this paper

Ghiran, AM., Silaghi, G.C., Tomai, N. (2009). Ontology-Based Tools for Automating Integration and Validation of Firewall Rules. In: Abramowicz, W. (eds) Business Information Systems. BIS 2009. Lecture Notes in Business Information Processing, vol 21. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01190-0_4


  • DOI: https://doi.org/10.1007/978-3-642-01190-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01189-4

  • Online ISBN: 978-3-642-01190-0
