Multi-constraint security policies for delegated firewall administration
Author(s) - Kropiwiec Cássio Ditzel, Jamhour Edgard, Penna Manoel Camillo, Pujolle Guy
Publication year - 2011
Publication title - International Journal of Network Management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.774
Subject(s) - computer science, firewall (physics), scalability, computer security model, scripting language, security policy, computer security, application firewall, concrete security, representation (politics), stateful firewall, database, programming language, physics, schwarzschild radius, classical mechanics, network packet, politics, gravitation, political science, law, charged black hole
SUMMARY This work presents a new approach to the representation of network security policy. It introduces a high-level language in which security policies are expressed through three policy models: mandatory, discretionary and security property. The proposed framework handles all three dimensions and generates the permissions from an abstract representation that is independent of how they are enforced, without violating the high-level security requirements. Each dimension can be defined by people with different roles; for example, rules of the mandatory model and of the security property model could be assigned to risk management personnel, while rules of the discretionary model can be delegated among the network administrators of the organization's various departments. This work also presents a mechanism to represent the features implemented by different firewall models, and a mechanism for translating the abstract representation into the scripts that configure the firewalls. A formal specification of the policy model validates the refinement algorithm, and a scalability study demonstrates how the algorithm behaves in large networks. Copyright © 2011 John Wiley & Sons, Ltd.