[Back]

L. Ceragioli, L. Galletta, M. Tempesta:
"From Firewalls to Functions and Back";
in: "Proceedings of the Third Italian Conference on Cyber Security", 2315; issued by: CEUR-WS.org; CEUR-Proceedings, Aachen, 2019, ISSN: 1613-0073, Paper ID 4, 13 pages.

Designing and maintaining firewall configurations is hardalso for expert system administrators. Indeed, policies are made of alarge number of rules and are written in low-level configuration languagesthat are specific to the firewall system in use. To simplify the work ofsystem administrators, some authors of the present paper proposed inprevious work a transcompilation pipeline and a tool that(i)extractsthe meaning of a real configuration by representing it into a tabular form;(ii)refactorsa configuration by removing redundant rules;(iii)portsthepolicy from a firewall system to another. Here, we extend this pipelineby proposing a new characterization that models rulesets and firewallsas functions from packets to transformations. Transformations specifywhich packets are accepted by the firewall and how they are translated.Using this functional characterization we propose two new algorithmsthat simplify the treatment of the pipeline

https://publik.tuwien.ac.at/files/publik_287960.pdf