Using Argumentation Logic for Firewall Policy Specification and Analysis


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2006

AUTHORS

Arosha K. Bandara , Antonis Kakas , Emil C. Lupu , Alessandra Russo

ABSTRACT

Firewalls are important perimeter security mechanisms that implement an organisation’s network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.

PAGES

185-196

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/11907466_16

DOI

http://dx.doi.org/10.1007/11907466_16

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1007019116



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0802", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computation Theory and Mathematics", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, SW7 2AZ, London", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, SW7 2AZ, London"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Bandara", 
        "givenName": "Arosha K.", 
        "id": "sg:person.014374605725.58", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014374605725.58"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, University of Cyprus, Cyprus", 
          "id": "http://www.grid.ac/institutes/grid.6603.3", 
          "name": [
            "Department of Computer Science, University of Cyprus, Cyprus"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kakas", 
        "givenName": "Antonis", 
        "id": "sg:person.015420665637.71", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015420665637.71"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, SW7 2AZ, London", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, SW7 2AZ, London"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lupu", 
        "givenName": "Emil C.", 
        "id": "sg:person.013404167044.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013404167044.28"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computing, Imperial College London, SW7 2AZ, London", 
          "id": "http://www.grid.ac/institutes/grid.7445.2", 
          "name": [
            "Department of Computing, Imperial College London, SW7 2AZ, London"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Russo", 
        "givenName": "Alessandra", 
        "id": "sg:person.016530745554.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016530745554.01"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2006", 
    "datePublishedReg": "2006-01-01", 
    "description": "Firewalls are important perimeter security mechanisms that imple-ment an organisation\u2019s network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.", 
    "editor": [
      {
        "familyName": "State", 
        "givenName": "Radu", 
        "type": "Person"
      }, 
      {
        "familyName": "van der Meer", 
        "givenName": "Sven", 
        "type": "Person"
      }, 
      {
        "familyName": "O\u2019Sullivan", 
        "givenName": "Declan", 
        "type": "Person"
      }, 
      {
        "familyName": "Pfeifer", 
        "givenName": "Tom", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/11907466_16", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-47659-7", 
        "978-3-540-47662-7"
      ], 
      "name": "Large Scale Management of Distributed Systems", 
      "type": "Book"
    }, 
    "keywords": [
      "network security requirements", 
      "security requirements", 
      "policy specification", 
      "formal framework", 
      "security mechanisms", 
      "preference reasoning", 
      "network administrators", 
      "declarative manner", 
      "high-level terms", 
      "firewall configurations", 
      "reasoning framework", 
      "configuration rules", 
      "argumentation logic", 
      "requirements", 
      "framework", 
      "specification", 
      "firewall", 
      "administrators", 
      "rules", 
      "reasoning", 
      "logic", 
      "widespread use", 
      "inconsistencies", 
      "information", 
      "tool", 
      "previous research", 
      "use", 
      "technique", 
      "argumentation", 
      "research", 
      "configuration", 
      "manner", 
      "terms", 
      "preferences", 
      "analysis", 
      "importance", 
      "mechanism", 
      "properties", 
      "cause", 
      "paper", 
      "approach"
    ], 
    "name": "Using Argumentation Logic for Firewall Policy Specification and Analysis", 
    "pagination": "185-196", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1007019116"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/11907466_16"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/11907466_16", 
      "https://app.dimensions.ai/details/publication/pub.1007019116"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-09-02T16:16", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220902/entities/gbq_results/chapter/chapter_450.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/11907466_16"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/11907466_16'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/11907466_16'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/11907466_16'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/11907466_16'


 

This table displays all metadata directly associated to this object as RDF triples.

143 TRIPLES      22 PREDICATES      67 URIs      59 LITERALS      7 BLANK NODES

 



