We present some ideas for a declarative approach to the implementation of a tool to define firewall policies. Our aim is to show how a deductive system, such as a deductive database management system, can be used to build a tool that a firewall administrator can use to define its policy. We present a firewall example only to highlight the advantage of such type of approach as a policy definition tool. The deductive database system we have used, besides the obvious deductive capabilities, has the ability of structuring the necessary knowledge into parts, the capability of composing the parts together by means of importing mechanism and the ability to define and prove properties of the policy.
Firewall policies definition tools: an implementation idea
Asirelli P;Fabbrini F
1999
Abstract
We present some ideas for a declarative approach to the implementation of a tool to define firewall policies. Our aim is to show how a deductive system, such as a deductive database management system, can be used to build a tool that a firewall administrator can use to define its policy. We present a firewall example only to highlight the advantage of such type of approach as a policy definition tool. The deductive database system we have used, besides the obvious deductive capabilities, has the ability of structuring the necessary knowledge into parts, the capability of composing the parts together by means of importing mechanism and the ability to define and prove properties of the policy.| File | Dimensione | Formato | |
|---|---|---|---|
|
prod_238137-doc_142910.pdf
accesso aperto
Descrizione: Firewall policies definition tools: an implementation idea
Tipologia:
Versione Editoriale (PDF)
Dimensione
770.92 kB
Formato
Adobe PDF
|
770.92 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
