Consistency Decision Between IPv6 Firewall Policy and Security Policy

Title: Consistency Decision Between IPv6 Firewall Policy and Security Policy
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Yin, Yi; Tateiwa, Yuichiro; Zhang, Guoqiang; Wang, Yun
Conference Name: 2021 4th International Conference on Information Communication and Signal Processing (ICICSP)
Keywords: Filtering, Firewalls (computing), IPv6 firewall policy, knowledge based systems, Network security, policy-based governance, Prototypes, pubcrawl, Regulation, security, security policies, Security Policies Analysis, security policy, SMT
Abstract

A firewall is the first line of defense for network security. Packet filtering is a basic firewall function, which filters network packets according to a series of rules called a firewall policy. The design of a firewall policy is invariably guided by the security policy, which is a generic guideline that lists the needs for network access permissions. The design of the firewall policy should observe the regulations of the security policy. However, even for IPv4 firewall policy, it is extremely difficult to maintain consistency between security policy and firewall policy. Some consistency decision methods for security policy and IPv4 firewall policy have been proposed. However, the IPv6 address space is very large, and the existing consistency decision methods cannot be directly used to deal with IPv6 firewall policy. To resolve this problem, in this paper we use a formal technique to decide the consistency between IPv6 firewall policy and security policy effectively and rapidly. We also developed a prototype model and evaluated the effectiveness of the proposed method.

DOI: 10.1109/ICICSP54369.2021.9611983
Citation Key: yin_consistency_2021