ACLA: A Framework for Access Control List (ACL) Analysis and Optimization

Qian, Jingyu

doi:10.1007/978-0-387-35413-2_18

Cited by 31 publications

(14 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This work has formalized types of conflicts in firewall policies and provided a variety of fast and efficient algorithms to detect them. Going one step further, researchers have proposed optimization algorithms to generate more concise and efficient firewall policies, using techniques like address/port combination and performance tuning based on traffic analysis [31,22,11]. All this research is orthogonal to our work, and can be applied to improve the quality of firewall policies before they are deployed.…”

Section: Related Workmentioning

confidence: 99%

“…To address the policy specification problem, policy provisioning and management have received a great deal of attention [16,26,21], as have conflict detection [13,20,15,14,38] and optimization [31,22,11]. In parallel with this academic research, firewall management tools such as Cisco Security Manager [4], Juniper Networks' Netscreen-Security Manager [8], and Check Point SmartCenter [1] have gained popularity with network administrators.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

On the Safety and Efficiency of Firewall Policy Deployment

Zhang

Winslett

Gunter

2007

2007 IEEE Symposium on Security and Privacy (SP '07)

View full text Add to dashboard Cite

Firewall policy management is challenging and error-prone. While ample research has led to tools for policy specification, correctness analysis, and optimization, few researchers have paid attention to firewall policy deployment: the process where a management tool edits a firewall's configuration to make it run the policies specified in the tool. In this paper, we provide the first formal definition and theoretical analysis of safety in firewall policy deployment. We show that naive deployment approaches can easily create a temporary security hole by permitting illegal traffic, or interrupt service by rejecting legal traffic during the deployment. We define safe and most-efficient deployments, and introduce the shuffling theorem as a formal basis for constructing deployment algorithms and proving their safety. We present efficient algorithms for constructing most-efficient deployments in popular policy editing languages. We show that in certain widelyinstalled policy editing languages, a safe deployment is not always possible. We also show how to leverage existing diff algorithms to guarantee a safe, mostefficient, and monotonic deployment in other editing languages.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

On the Safety and Efficiency of Firewall Policy Deployment

Zhang

Winslett

Gunter

2007

2007 IEEE Symposium on Security and Privacy (SP '07)

View full text Add to dashboard Cite

show abstract

“…For this proposal instantiation, the following features will be considered in the assessment of a candidate solution CM i : (i) type 1]). Each one of these aspects has an associated weight w ∈ [0, 1] in the general candidate fitness Eq.…”

Section: Fitness Functionmentioning

confidence: 99%

“…We define the measured risk level value as RL(A i , T j ) ∈ [1,10], where 1 is the lowest risk value and 10 the highest risk value that can be measured.…”

Section: Risk Analysis Modulementioning

confidence: 99%

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Díaz-López

Dólera-Tormo

Mármol³

et al. 2016

Future Generation Computer Systems

View full text Add to dashboard Cite

“…At a first glance, this problem is related to access control, one of the common techniques is to make use of an Access Control List (ACL) (Barkley 1997, Li et al 2002, Qian 2001, Stiegler 1979) which states clearly which user is allowed to access which resources (documents) together with the allowable operations (e.g. read, write, delete) in the form of a data structure (e.g.…”

Section: Introductionmentioning

confidence: 99%

Sharing and access right delegation for confidential documents: A practical solution

Yiu¹,

Yiu²,

Lee³

et al. 2006

Information & Management

View full text Add to dashboard Cite

Follow this and additional works at: http://aisel.aisnet.org/acis2004This material is brought to you by the Australasian (ACIS) at AIS Electronic Library (AISeL Abstract This paper addresses a practical problem in Document Management Systems for which no existing solution is available in the market. To store confidential documents in a Document Management System, a common approach is to keep only the encrypted version of the documents to ensure the confidentiality of the contents.However, how to share these encrypted documents and how to delegate the access rights of these documents are not straightforward while these operations are common in most companies. In this paper, we discuss the issues related to this problem and provide a practical and easy-to-implement solution for solving the problem. Our solution has been shown to be feasible by a prototype implementation. We also show how to extend our solution to take advantage of the hierarchical structure of a company to make it more scalable. As a remark, this problem was initiated by a local company based on its actual needs to fulfil a set of business objectives and requirements.

show abstract

ACLA: A Framework for Access Control List (ACL) Analysis and Optimization

Cited by 31 publications

References 9 publications

On the Safety and Efficiency of Firewall Policy Deployment

On the Safety and Efficiency of Firewall Policy Deployment

Dynamic counter-measures for risk-based access control systems: An evolutive approach

Sharing and access right delegation for confidential documents: A practical solution

Contact Info

Product

Resources

About