dc.creator | Pozo Hidalgo, Sergio | es |
dc.creator | Ceballos Guerrero, Rafael | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.date.accessioned | 2022-02-15T12:04:39Z | |
dc.date.available | 2022-02-15T12:04:39Z | |
dc.date.issued | 2009 | |
dc.identifier.citation | Pozo Hidalgo, S., Ceballos Guerrero, R. and Martínez Gasca, R. (2009). Model-Based Development of firewall rule sets: Diagnosing model inconsistencies. Information and Software Technology, 51 (5), 894-915. | |
dc.identifier.issn | 0950-5849 | es |
dc.identifier.uri | https://hdl.handle.net/11441/129978 | |
dc.description.abstract | The design and management of firewall rule sets is a very difficult and error-prone task because of the difficulty of translating access control requirements into complex low-level firewall languages. Although high-level languages have been proposed to model firewall access control lists, none has been widely adopted by the industry. We think that the main reason is that their complexity is close to that of many existing low-level languages. In addition, none of the high-level languages that automatically generate firewall rule sets verifies the model prior to the code-generation phase. Error correction in the early stages of the development process is cheaper compared to the cost associated with correcting errors in the production phase. In addition, errors generated in the production phase usually have a huge impact on the reliability and robustness of the generated code and final system. In this paper, we propose the application of the ideas of Model-Based Development to firewall access control list modelling and automatic rule set generation. First, an analysis of the most widely used firewall languages in the industry is conducted. Next, a Platform-Independent Model for firewall ACLs is proposed. This model is the result of exhaustive analysis and of a discussion of different alternatives for models in a bottom-up methodology. Then, it is proposed that a verification stage be added in the early stages of the Model-Based Development methodology, and a polynomial time complexity process and algorithms are proposed to detect and diagnose inconsistencies in the Platform-Independent Model. Finally, a theoretical complexity analysis and empirical tests with real models were conducted, in order to prove the feasibility of our proposal in real environments. | es |
dc.format | application/pdf | es |
dc.format.extent | 22 | es |
dc.language.iso | eng | es |
dc.publisher | Elsevier | es |
dc.relation.ispartof | Information and Software Technology, 51 (5), 894-915. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | MBE | es |
dc.subject | Firewalls | es |
dc.subject | Consistency | es |
dc.subject | Validation | es |
dc.subject | Model | es |
dc.title | Model-Based Development of firewall rule sets: Diagnosing model inconsistencies | es |
dc.type | info:eu-repo/semantics/article | es |
dc.type.version | info:eu-repo/semantics/publishedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.publisherversion | https://www.sciencedirect.com/science/article/pii/S0950584908000785?via%3Dihub | es |
dc.identifier.doi | 10.1016/j.infsof.2008.05.001 | es |
dc.journaltitle | Information and Software Technology | es |
dc.publication.volumen | 51 | es |
dc.publication.issue | 5 | es |
dc.publication.initialPage | 894 | es |
dc.publication.endPage | 915 | es |
dc.identifier.sisius | 6717333 | es |