Re: [fw-wiz] Security policy language








De : Marco Cremonini

With a framework that maps policies at different logical
levels, a partial automatic definition/verification of
the security configuration with respect to the enterprise
security policy (perhaps ...) could be done. We avoid
fully automated solutions that have already proved to be
a wrong path but still we could drive security
configurations.

Maybe you could acheive that goal using different formal specification langages
and rules of implementation from one level to the other.

Ok, I know that this is probably (or certainly) completely
unrealistic because for real-world policies the complexity
is still overwhelming, but, at least in theory, why not
thinking to a layered security policy with every layer
expressed with a language that people logically in charge
of that layer can understand?

The software engineering academics have launch a "Verified Software Grand
Challenge" (http://qpq.csl.sri.com) to prove that formal theory and tools are
usable for software engineering (even big project). Maybe you could find some
support there...

Good luck!

Jean-Denis.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards