Designing and maintaining firewall configurations is hard, even for expert system administrators. Indeed, policies are made of a large number of rules and are written in low-level configuration languages that are specific to the firewall system in use. As part of a larger group, we have addressed these issues and have proposed a semantic-based transcompilation pipeline. It is supported by FWS, a tool that analyses a real configuration and ports it from one firewall system to another. To our surprise, we discovered that some configurations expressed in a real firewall system cannot be ported to another system while preserving the semantics. Here we outline the main reasons for the detected differences between the firewall languages, and describe F2F, a tool that checks whether a given configuration in one system can be ported to another system, and reports to its user which parts cause problems and why.
Title: | Checking the Expressivity of Firewall Languages |
Authors: | |
Publication date: | 2019 |
Series: | |
Handle: | http://hdl.handle.net/20.500.11771/14621 |
ISBN: | 978-3-030-31174-2 978-3-030-31175-9 |
Appears in types: | 4.1 Conference proceedings contribution |
Files in this product:
File | Description | Type | License | |
---|---|---|---|---|
cat_main.pdf | Pre-print document | No license | Administrator Request a copy |