Re: [fw-wiz] Security policy language

De : Marco Cremonini

With a framework that maps policies at different logical
levels, a partial automatic definition/verification of
the security configuration with respect to the enterprise
security policy (perhaps ...) could be done. We avoid
fully automated solutions that have already proved to be
a wrong path but still we could drive security

Maybe you could acheive that goal using different formal specification langages
and rules of implementation from one level to the other.

Ok, I know that this is probably (or certainly) completely
unrealistic because for real-world policies the complexity
is still overwhelming, but, at least in theory, why not
thinking to a layered security policy with every layer
expressed with a language that people logically in charge
of that layer can understand?

The software engineering academics have launch a "Verified Software Grand
Challenge" ( to prove that formal theory and tools are
usable for software engineering (even big project). Maybe you could find some
support there...

Good luck!

firewall-wizards mailing list