Abstract

Packet filtering in a firewall either accepts or denies network packets based on a set of predefined filters called the firewall policy. The firewall policy is designed under the guidance of the security policy: a network security policy is a generic document that outlines the requirements for network access permissions, and it determines how firewall filters are designed. If inconsistencies exist between the security policy and the firewall policy, the firewall policy cannot filter packets accurately, and the network protected by the firewall will be affected. To resolve this problem, we propose a method that represents the security policy and the firewall policy as a Constraint Satisfaction Problem (CSP), constructs a consistency verification model, and then uses a CSP solver to verify their consistency. We ran experiments to verify the proposed method, and the experimental results showed its effectiveness.

Keywords: Security policy, Firewall policy, CSP problem
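An added illustration of the consistency check the abstract describes, not code from the paper: it searches for a packet on which the security policy and the firewall policy disagree. The zones, services and rules are constructed, and exhaustive enumeration over small finite domains stands in for the CSP solver, whose actual encoding the abstract does not give.

```python
from itertools import product

# Constructed finite domains for the packet variables (assumptions, not from the paper).
DOMAINS = {"src": ["lan", "dmz", "internet"],
           "dst": ["lan", "dmz", "internet"],
           "svc": ["http", "ssh", "dns"]}

# Security policy: high-level permissions; anything not listed is denied.
SECURITY_POLICY = [
    ("internet", "dmz", "http"),
    ("lan", "dmz", "ssh"),
    ("lan", "internet", "http"),
    ("lan", "internet", "dns"),
]

# Firewall policy: ordered first-match rules; "*" is a wildcard.
FIREWALL_POLICY = [
    ("internet", "dmz", "http", "accept"),
    ("lan", "dmz", "*", "accept"),        # too broad: also admits http and dns
    ("lan", "internet", "http", "accept"),
    ("*", "*", "*", "deny"),              # lan -> internet dns is never accepted
]

def security_decision(pkt):
    allowed = (pkt["src"], pkt["dst"], pkt["svc"]) in SECURITY_POLICY
    return "accept" if allowed else "deny"

def firewall_decision(pkt, rules):
    for src, dst, svc, action in rules:
        if all(pat in ("*", pkt[k]) for pat, k in ((src, "src"), (dst, "dst"), (svc, "svc"))):
            return action
    return "deny"  # implicit default when no rule matches

def inconsistencies(rules):
    """Return every assignment satisfying security_decision != firewall_decision.
    An empty result means that constraint is unsatisfiable, i.e. the policies agree."""
    names = list(DOMAINS)
    found = []
    for values in product(*(DOMAINS[n] for n in names)):
        pkt = dict(zip(names, values))
        want, got = security_decision(pkt), firewall_decision(pkt, rules)
        if want != got:
            found.append((pkt["src"], pkt["dst"], pkt["svc"], want, got))
    return found

if __name__ == "__main__":
    for row in inconsistencies(FIREWALL_POLICY):
        print("src=%s dst=%s svc=%s security=%s firewall=%s" % row)
```

Each reported tuple is a counterexample packet: the first two show the firewall being more permissive than the security policy, the third shows it blocking traffic the security policy permits.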
