Abstract
Firewalls are recognized as effective instruments for deploying security in computer networks, but they become useless when network administrators lack the skills and expertise needed to configure them properly. Nowadays, firewall rules are integrated into the broader scope of enterprise security management. Thus, deriving correct and consistent firewall rules is mandatory, and those rules need to be assimilated into the global security policy of the enterprise. In this paper we present tools for managing firewalls using ontologies and semantic-rich languages. With our approach, network managers can develop new firewall rules, automatically verify and validate their correctness and consistency, and integrate them with previously existing rules.
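The consistency checks the abstract refers to are, at their core, comparisons of the packet sets two rules match. As an added illustration that is not code from the paper (whose tools reason over an OWL ontology with SWRL rules rather than the plain set arithmetic used here), the following script classifies the common inter-rule anomalies in a first-match-wins rule list; the `Rule` model and the sample rule set are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:        # rules are evaluated top-down, first match wins
    name: str
    proto: str     # "tcp", "udp" or "any"
    src: str       # source network, CIDR notation
    dst: str       # destination network, CIDR notation
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # "allow" or "deny"

def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (outer.proto in ("any", inner.proto)
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.ports[0] <= inner.ports[0] <= inner.ports[1] <= outer.ports[1])

def overlaps(a, b):
    """True if at least one packet is matched by both rules."""
    return (("any" in (a.proto, b.proto) or a.proto == b.proto)
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and max(a.ports[0], b.ports[0]) <= min(a.ports[1], b.ports[1]))

def find_anomalies(rules):
    """Check each rule against every earlier one. Returns (kind, later, earlier) where kind is
    shadowed (earlier covers it, opposite action: never fires), redundant (earlier covers it,
    same action: removable) or correlated (partial overlap, opposite actions: order-dependent)."""
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if not overlaps(earlier, later):
                continue
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                found.append((kind, later.name, earlier.name))
            elif earlier.action != later.action and not covers(later, earlier):
                found.append(("correlated", later.name, earlier.name))
    return found

# Constructed sample rule set, not taken from the paper.
SAMPLE = [
    Rule("r1", "tcp", "10.0.0.0/8",  "192.168.1.10/32", (80, 80), "allow"),
    Rule("r2", "tcp", "10.0.1.0/24", "192.168.1.10/32", (80, 80), "deny"),   # never fires
    Rule("r3", "tcp", "10.0.2.0/24", "192.168.1.10/32", (80, 80), "allow"),  # covered by r1
    Rule("r4", "udp", "10.0.0.0/8",  "192.168.1.0/24",  (53, 53), "deny"),
    Rule("r5", "udp", "10.0.3.0/24", "192.168.0.0/16",  (53, 53), "allow"),  # partly overlaps r4
]
```

Running `find_anomalies(SAMPLE)` reports r2 as shadowed by r1, r3 as redundant with r1, and r5 as correlated with r4; a rule list that yields an empty result is free of these pairwise conflicts.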
© 2009 Springer-Verlag Berlin Heidelberg
Ghiran, AM., Silaghi, G.C., Tomai, N. (2009). Ontology-Based Tools for Automating Integration and Validation of Firewall Rules. In: Abramowicz, W. (eds) Business Information Systems. BIS 2009. Lecture Notes in Business Information Processing, vol 21. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01190-0_4
DOI: https://doi.org/10.1007/978-3-642-01190-0_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01189-4
Online ISBN: 978-3-642-01190-0