Overview of Project Content and Milestones
Many types of systems have different syntax for defining firewall rules, such as Cisco devices, which use ACLs, and Linux firewalls, which use netfilter (iptables). The aim of this project is to define a generic firewall syntax, such as the one used by Al-Shaer et al. (2004), and to develop and evaluate a compiler which converts the generic format into the platform-specific syntax. A basic outline of this has been created by Saliou (2006), and the project will enhance it into a form which can be used in a security framework.
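As an added illustration of the compile step described above (this is not code from the project, which is to be written in C#/.NET, nor from Al-Shaer or Saliou), the following Python script reads rules in a small constructed generic grammar and emits the same policy both as iptables commands and as a Cisco extended ACL; the grammar, the chain name and the ACL number are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
# Constructed grammar (an assumption, not Al-Shaer's or Saliou's): <allow|deny> <tcp|udp|ip> from <cidr|any> to <cidr|any> [port <n>]
@dataclass
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "ip"
    src: str              # CIDR string or "any"
    dst: str
    port: Optional[int]   # destination port, only meaningful for tcp/udp

def parse_rule(line: str) -> Rule:
    tok = line.split()
    if (len(tok) not in (6, 8) or tok[2] != "from" or tok[4] != "to" or tok[0] not in ("allow", "deny")
            or tok[1] not in ("tcp", "udp", "ip") or (len(tok) == 8 and tok[6] != "port")):
        raise ValueError(f"malformed rule: {line!r}")
    port = int(tok[7]) if len(tok) == 8 else None
    if port is not None and tok[1] == "ip":
        raise ValueError("a port needs tcp or udp")  # iptables rejects --dport without -p tcp/udp
    return Rule(tok[0], tok[1], tok[3], tok[5], port)

def _net(s: str):
    return None if s == "any" else ipaddress.ip_network(s, strict=False)

def to_iptables(r: Rule, chain: str = "FORWARD") -> str:
    parts = ["iptables", "-A", chain, "-p", "all" if r.proto == "ip" else r.proto]
    for flag, net in (("-s", _net(r.src)), ("-d", _net(r.dst))):
        if net is not None:          # "any" is expressed by omitting the match
            parts += [flag, str(net)]
    if r.port is not None:
        parts += ["--dport", str(r.port)]
    parts += ["-j", "ACCEPT" if r.action == "allow" else "DROP"]
    return " ".join(parts)

def _cisco_addr(s: str) -> str:
    net = _net(s)
    if net is None:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"   # Cisco ACLs use wildcard masks, not CIDR

def to_cisco_acl(r: Rule, acl: int = 101) -> str:
    verb = "permit" if r.action == "allow" else "deny"
    line = f"access-list {acl} {verb} {r.proto} {_cisco_addr(r.src)} {_cisco_addr(r.dst)}"
    return line + (f" eq {r.port}" if r.port is not None else "")
def compile_policy(text: str, target: str) -> List[str]:
    emit = {"iptables": to_iptables, "cisco": to_cisco_acl}[target]  # order preserved: first match wins on both targets
    return [emit(parse_rule(l)) for l in text.splitlines() if l.strip()]
```

Rule order is kept as written because both iptables chains and Cisco ACLs stop at the first matching rule, so a compiler that reorders rules changes the policy it was meant to preserve.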
The Main Deliverable(s)
Investigation of firewalls and the syntax used to define them.
Design and implementation of a full range of commands.
Evaluation of the system, especially related to key metrics such as robustness, integration with other systems, and correctness of rules.
Evaluation of firewall modelling and compression of rules.
The Target Audience for the Deliverable(s)
Network management.
Security.
The Work to be Undertaken
Investigation of firewalls and the syntax used to define them.
Design and implementation of a full range of commands.
Evaluation of the system, especially related to key metrics such as robustness, integration with other systems, and correctness of rules.
Evaluation of firewall modelling and compression of rules.
Additional Information / Knowledge Required
The project will use the .NET framework with C#, and training and support will be provided.
Information Sources that Provide a Context for the Project
1. Al-Shaer et al. (2004), Modelling and Management of Firewall Policies, http://www.cs.utexas.edu/users/alex/publications/citations/fdd/tnsm04.pdf
2. Lionel Saliou (2006). Visual Studio Solution for Firewall Compiler.
The Importance of the Project
The compilation of the rules will allow a generic security policy to be defined, and for this to be compiled to the required platform.
The Key Challenge(s) to be Overcome
The major challenges are in developing a range of syntax which covers the requirements, and also in the modelling of the firewall rules, and the possible compression of them.