Abstract: |
To enforce a network security policy, the network administrator has to translate the high-level network security policy into a low-level firewall configuration file. Comparing a sample high-level network security policy with a sample low-level firewall configuration file shows that there is a large gap between the high-level and low-level forms of the policy. This gap makes transforming, maintaining, verifying, or even modifying the policy a very hard task. The original contributions of this PhD thesis are:
· introducing, applying and verifying a role-based network security (RBNS) model that acts as an intermediate level between the high-level security policy and the low-level firewall configuration file;
· developing and implementing a compilation algorithm that automatically generates the low-level firewall configuration file from the RBNS intermediate level;
· designing and realizing an algorithm that verifies the equivalence between the high-level and low-level forms of the security policy.
|
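As an added illustration (not the thesis's RBNS model or its algorithms), the following Python sketch shows the three-layer idea the abstract describes: a toy role-based policy is compiled down to host-level firewall rules, and an equivalence checker exhaustively compares the high-level decision function against first-match evaluation of the generated rules, so a hand-edited rule that drifted from the policy is reported. The role names, addresses, ports, the default-deny assumption and the iptables-style output format are all constructed assumptions made for this example.

```python
"""Toy role-based network security (RBNS) pipeline (illustrative, not the thesis's code):
high-level role policy -> compiled host-level firewall rules -> equivalence check."""
from itertools import product

# Constructed sample: each role is a set of host addresses (assumed /32 hosts).
ROLES = {
    "web": {"10.0.1.10", "10.0.1.11"},
    "db": {"10.0.2.20"},
    "admin": {"10.0.9.5"},
}

# Constructed high-level policy: permitted (source role, destination role, TCP port) triples.
# Anything not listed is denied (assumed default-deny policy).
POLICY = [
    ("web", "db", 5432),
    ("admin", "db", 22),
    ("admin", "web", 22),
]

# Finite port universe used by the exhaustive equivalence check (assumption for the toy).
SERVICE_PORTS = {22, 80, 5432}


def policy_decision(src, dst, port, roles=ROLES, policy=POLICY):
    """High-level decision: ACCEPT iff some permitted (role, role, port) triple matches."""
    for s_role, d_role, p in policy:
        if src in roles[s_role] and dst in roles[d_role] and port == p:
            return "ACCEPT"
    return "DROP"


def rule_to_iptables(rule):
    """Render one structured rule as an iptables-style line (output format is assumed)."""
    src, dst, port, action = rule
    if src == "*":
        return f"-A FORWARD -j {action}"
    return f"-A FORWARD -s {src} -d {dst} -p tcp --dport {port} -j {action}"


def compile_policy(roles=ROLES, policy=POLICY):
    """Compile role-level permits into ordered host-level ACCEPT rules, then a catch-all DROP.
    Returns (structured_rules, iptables_text)."""
    rules = []
    for s_role, d_role, port in policy:
        for src in sorted(roles[s_role]):
            for dst in sorted(roles[d_role]):
                rules.append((src, dst, port, "ACCEPT"))
    rules.append(("*", "*", "*", "DROP"))
    return rules, "\n".join(rule_to_iptables(r) for r in rules)


def firewall_decision(rules, src, dst, port):
    """Low-level decision: first matching rule wins (iptables chain semantics)."""
    for r_src, r_dst, r_port, action in rules:
        if r_src in ("*", src) and r_dst in ("*", dst) and r_port in ("*", port):
            return action
    return "DROP"  # no rule matched; treat as the chain's default policy


def check_equivalence(rules, roles=ROLES, ports=SERVICE_PORTS):
    """Exhaustively compare both decision functions over a finite packet space.
    Includes one host that belongs to no role so role-less traffic is covered.
    Returns the list of (src, dst, port, high_decision, low_decision) mismatches."""
    hosts = sorted(set().union(*roles.values())) + ["198.51.100.7"]
    mismatches = []
    for src, dst, port in product(hosts, hosts, sorted(ports)):
        hi = policy_decision(src, dst, port, roles)
        lo = firewall_decision(rules, src, dst, port)
        if hi != lo:
            mismatches.append((src, dst, port, hi, lo))
    return mismatches


def drifted_rules(rules):
    """Simulate a manual edit to the generated config: an ACCEPT for HTTP to one web host
    inserted at the top of the chain, which the high-level policy never granted."""
    return [("*", "10.0.1.10", 80, "ACCEPT")] + rules


if __name__ == "__main__":
    compiled, text = compile_policy()
    print(text)
    print("generated config matches policy:", check_equivalence(compiled) == [])
    for m in check_equivalence(drifted_rules(compiled)):
        print("mismatch after manual edit:", m)
```

The exhaustive check is only viable because the toy packet space is tiny; for real address ranges and port sets a verifier would instead reason over prefix and port intervals, which is the kind of algorithm the abstract's third contribution refers to.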