Policy Algebras for Hybrid Firewalls
Authors
Hang Zhao, Steven M. Bellovin
Abstract
Firewalls are an effective means of protecting a local system or network of systems from network-based security threats. In this paper, we propose a policy algebra framework for policy-based security management in hybrid firewalls, ones that exist both in the network and on end systems. To perform policy integration and delegation while preserving the security semantics, the policy algebra provides a formalism to perform algebraic operations on policies. We introduce the cost and risk functions associated with policy enforcement, and policy delegation triggers a global optimization problem for policy enforcement. We show that our framework can be easily instantiated to support packet filter rules. Finally, the challenges and requirements are addressed for applying the policy algebra framework to dynamic coalitions like MANETs.
Publication Date
September, 2007
Venue
Annual Conference of ITA, 2007
Published To
None
Publication Type
ITA Conference paper
ITA Area
Project 2, Technical area 1
Download a copy of the paper here
algebra.pdf