Technical reports:
Policy Algebras for Hybrid Firewalls
Hang Zhao; Steven Michael Bellovin
- Title:
- Policy Algebras for Hybrid Firewalls
- Author(s):
- Zhao, Hang; Bellovin, Steven Michael
- Date:
- 2007
- Type:
- Technical reports
- Department:
- Computer Science
- Permanent URL:
- http://hdl.handle.net/10022/AC:P:29504
- Series:
- Columbia University Computer Science Technical Reports
- Part Number:
- CUCS-017-07
- Publisher:
- Department of Computer Science, Columbia University
- Publisher Location:
- New York
- Abstract:
- Firewalls are an effective means of protecting a local system or network of systems from network-based security threats. In this paper, we propose a policy algebra framework for security policy enforcement in hybrid firewalls, ones that exist both in the network and on end systems. To preserve the security semantics, the policy algebras provide a formalism to compute addition, conjunction, subtraction, and summation on rule sets; they also define the cost and risk functions associated with policy enforcement. Policy outsourcing triggers global cost minimization. We show that our framework can easily be extended to support packet filter firewall policies. Finally, we discuss special challenges and requirements for applying the policy algebra framework to MANETs.
- Subject(s):
- Computer science