Platform-Independent Firewall Policy Representation

This paper discusses the design of abstract firewall model along with platform-independent policy definition language. The paper also discusses the main design challenges and solutions to these challenges, as well as examines several differences in policy semantics between vendors and how it could be mapped to one's platform-independent language. The paper also touches upon a processing model, describing the mechanism by which an abstract policy could be compiled into a concrete firewall policy syntax. The paper discusses briefly some future research directions, such as policy optimization and validation.