Checking the Expressivity of Firewall Languages

Designing and maintaining firewall configurations is hard, also for expert system administrators. Indeed, policies are made of a large number of rules and are written in low-level configuration languages that are specific to the firewall system in use. As part of a larger group, we have addressed these issues and have proposed a semantic-based transcompilation pipeline. It is supported by FWS, a tool that analyses a real configuration and ports it from a firewall system to another. To our surprise, we discovered that some configurations expressed in a real firewall system cannot be ported to another system, preserving the semantics. Here we outline the main reasons for the detected differences between the firewall languages, and describe F2F, a tool that checks if a given configuration in a system can be ported to another system, and reports its user on which parts cause problems and why.

Titolo: Checking the Expressivity of Firewall Languages
Autori: 
GALLETTA, LETTERIO
mostra contributor esterni 
Data di pubblicazione: 2019
Serie: 
LECTURE NOTES IN COMPUTER SCIENCE  
Handle: http://hdl.handle.net/20.500.11771/14621
ISBN: 978-3-030-31174-2
978-3-030-31175-9
Appare nelle tipologie:4.1 Contributo in Atti di convegno

File in questo prodotto:
FileDescrizioneTipologiaLicenza 
cat_main.pdf Documento in Pre-printNessuna licenzaAdministrator   Richiedi una copia
Utilizza questo identificativo per citare o creare un link a questo documento:
http://hdl.handle.net/20.500.11771/14621
  • Citazioni
  • PubMed Central ND
  • Scopus
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
 
 
 
Powered by IRIS-about IRIS-Utilizzo dei cookie
Logo CINECA  Copyright © 2021