Firewall Policies Definition Tools: An Implementation Idea

We present some ideas for a declarative approach to the implementation of a tool to define firewall policies. Our aim is to show how a deductive system, such as a deductive database management system, can be used to build a tool that a firewall administrator can use to define its policy. We present a firewall example only to highlight the advantages of such type of approach as a policy definition tool. The deductive database system we have used, besides the obvious deductive capabilities, has the ability of structuring the necessary knowledge into parts, the capability of composing the parts together by means of importing mechanisms and the ability to define and prove properties of the policy.

[1]  Jeffrey D. Ullman,et al.  Principles Of Database And Knowledge-Base Systems , 1979 .

[2]  Sushil Jajodia,et al.  Database security and privacy , 1996, CSUR.

[3]  Guido Moerkotte,et al.  Efficient maintenance of materialized mediated views , 1995, SIGMOD '95.

[4]  Sushil Jajodia,et al.  Managing security and privacy of information , 1996, CSUR.

[5]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[6]  Elisa Bertino,et al.  An Extended Authorization Model for Relational Databases , 1997, IEEE Trans. Knowl. Data Eng..

[7]  Avishai Wool,et al.  Firmato: a novel firewall management toolkit , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[8]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[9]  Paola Inverardi,et al.  Graphics by a Logic Database Management System , 1994, J. Vis. Lang. Comput..