Using Argumentation Logic for Firewall Configuration Management

Firewalls remain the main perimeter security protection for corporate networks. However, network size and complexity make firewall configuration and maintenance notoriously difficult. Tools are needed to analyze firewall configurations for errors, to verify that they correctly implement security requirements and to generate configurations from higher-level requirements. In this paper, the authors extend their previous work on the use of formal argumentation and preference reasoning for firewall policy analysis and develop means to automatically generate firewall policies from higher-level requirements.