
Systematic review of automatic translation of high-level security policy into firewall rules

by Ivan Kovačević, et al.

Firewalls are security devices that perform network traffic filtering. They are ubiquitous in the industry and are a common method used to enforce organizational security policy. Security policy is specified on a high level of abstraction, with statements such as "web browsing is allowed only on workstations inside the office network", and needs to be translated into low-level firewall rules to be enforceable. There has been a lot of work regarding optimization, analysis and platform independence of firewall rules, but an area that has seen much less success is automatic translation of high-level security policies into firewall rules. In addition to improving rules' readability, such translation would make it easier to detect errors. This paper surveys over twenty papers that aim to generate firewall rules according to a security policy specified on a higher level of abstraction. It also presents an overview of similar features in modern firewall systems. Most approaches define specialized domain languages that get compiled into firewall rule sets, with some of them relying on formal specification, ontology, or graphical models. The approaches have improved over time, but there are still many drawbacks that need to be solved before wider application.



