Firewall Wizards mailing list archives
Security policy language
From: Marco Cremonini <cremonini () dti unimi it>
Date: Wed, 24 Jan 2007 09:51:13 +0100
Hi all, I would like to ask you a suggestion for a project we are developing. The project aims to automate some monitoring functionality with firewall policy management (just iptables, at present). The problem is: We would like to implement/adopt a high-level specification language for the definition of a security policy, something that should let to specify the policy at organizational level. Such a policy should then be translated into specific fw rules. I'm puzzled because it's not a new problem, but I can't find good references. Several standards, especially in the XML-Web Services area, have been proposed by W3C, OASIS etc., to define security policies, but to me they seem quite useless in our case since I can't see how and why Web Services should be integrated in this context. I've found out that Mitre has a language, Oval (http://oval.mitre.org/ index.html), which could be considered, although more focused on vulnerability and assessment. Otherwise, many have designed ad-hoc languages (I guess, just using GNU Flex&Bison or the like for their definition). Before going for yet-another-adhoc-language I just want to ask if anybody knows a good standard or reference specification language. Thank you. Marco =================================== Marco Cremonini cremonini () dti unimi it Dept. of Information Technology University of Milan Via Bramante 65 - 26013 Crema (CR), Italy =================================== _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Security policy language Marco Cremonini (Jan 24)
- Re: Security policy language Marcus J. Ranum (Jan 24)
- Re: Security policy language Tina Bird (Jan 24)
- Re: Security policy language Avishai Wool (Jan 25)
- Re: Security policy language Tina Bird (Jan 24)
- Re: Security policy language Dave Piscitello (Jan 24)
- Re: Security policy language R. DuFresne (Jan 25)
- Re: Security policy language Stephen P. Berry (Jan 24)
- Re: Security policy language Matthew Hannigan (Jan 24)
- <Possible follow-ups>
- Re: Security policy language Jean-Denis Gorin (Jan 25)
- Re: Security policy language Marcus J. Ranum (Jan 24)