The Open UniversitySkip to content

Using Argumentation Logic for Firewall Policy Specification and Analysis

Bandara, Arosha K.; Kakas, Antonis; Lupu, Emil C. and Russo, Alessandra (2006). Using Argumentation Logic for Firewall Policy Specification and Analysis. In: Lecture Notes in Computer Science, 4269 pp. 185–196.

Full text available as:
PDF (Not Set) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Download (134kB)
DOI (Digital Object Identifier) Link:
Google Scholar: Look up in Google Scholar


Firewalls are important perimeter security mechanisms that imple-ment an organisation's network security requirements and can be notoriously difficult to configure correctly. Given their widespread use, it is crucial that network administrators have tools to translate their security requirements into firewall configuration rules and ensure that these rules are consistent with each other. In this paper we propose an approach to firewall policy specification and analysis that uses a formal framework for argumentation based preference reasoning. By allowing administrators to define network abstractions (e.g. subnets, protocols etc) security requirements can be specified in a declarative manner using high-level terms. Also it is possible to specify preferences to express the importance of one requirement over another. The use of a formal framework means that the security requirements defined can be automatically analysed for inconsistencies and firewall configurations can be automatically generated. We demonstrate that the technique allows any inconsistency property, including those identified in previous research, to be specified and automatically checked and the use of an argumentation reasoning framework provides administrators with information regarding the causes of the inconsistency.

Item Type: Conference or Workshop Item
ISSN: 0302-9743
Extra Information: The original publication is available at
Keywords: firewall; policy analysis; security policy; argumentation logic
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
Item ID: 6891
Depositing User: Arosha Bandara
Date Deposited: 09 Mar 2007
Last Modified: 07 Dec 2018 11:39
Share this page:


Altmetrics from Altmetric

Citations from Dimensions

Download history for this item

These details should be considered as only a guide to the number of downloads performed manually. Algorithmic methods have been applied in an attempt to remove automated downloads from the displayed statistics but no guarantee can be made as to the accuracy of the figures.

Actions (login may be required)

Policies | Disclaimer

© The Open University   contact the OU