Policy Algebras for Hybrid Firewalls

Hang Zhao; Steven Michael Bellovin

Title:
Policy Algebras for Hybrid Firewalls
Author(s):
Zhao, Hang
Bellovin, Steven Michael
Date:
Type:
Technical reports
Department:
Computer Science
Permanent URL:
Series:
Columbia University Computer Science Technical Reports
Part Number:
CUCS-017-07
Publisher:
Department of Computer Science, Columbia University
Publisher Location:
New York
Abstract:
Firewalls are an effective means of protecting a local system or network of systems from network-based security threats. In this paper, we propose a policy algebra framework for security policy enforcement in hybrid firewalls, ones that exist both in the network and on end systems. To preserve the security semantics, the policy algebras provide a formalism to compute addition, conjunction, subtraction, and summation on rule sets; it also defines the cost and risk functions associated with policy enforcement. Policy outsourcing triggers global cost minimization. We show that our framework can easily be extended to support packet filter firewall policies. Finally, we discuss special challenges and requirements for applying the policy algebra framework to MANETs.
Subject(s):
Computer science