Security policy language

[Marco Cremonini <cremonini () dti unimi it>]

Hi all,
     I would like to ask you a suggestion for a project we are  
developing.
The project aims to automate some monitoring functionality with  
firewall policy management (just iptables, at present).
The problem is: We would like to implement/adopt a high-level  
specification language for the definition of a security policy,  
something that should let to specify the policy at organizational  
level. Such a policy should then  be translated into specific fw rules.

I'm puzzled because it's not a new problem, but I can't find good  
references. Several standards, especially in the XML-Web Services  
area, have been proposed by W3C, OASIS etc., to define security  
policies, but to me they seem quite useless in our case since I can't  
see how and why Web Services should be integrated in this context.

I've found out that Mitre has a language, Oval (http://oval.mitre.org/ 
index.html), which could be considered, although more focused on  
vulnerability and assessment.

Otherwise, many have designed ad-hoc languages (I guess, just using  
GNU Flex&Bison or the like for their definition).

Before going for yet-another-adhoc-language I just want to ask if  
anybody knows a good standard or reference specification language.

Thank you.
Marco

===================================
Marco Cremonini
cremonini () dti unimi it
Dept. of Information Technology
University of Milan
Via Bramante 65 - 26013 Crema (CR), Italy
===================================



_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards