University of Seville
The most important part of a firewall configuration process is the implementation of a security policy by a security administrator. However, this security policy is not designed by higher levels of the organization, nor is written anywhere, so it is very usual to make mistakes in its implementation. To solve this problem the authors propose to express this global access control policy in some informal language that is translated to a model specification in conjunction with the firewall rule set. Then, they construct a Constraint Satisfaction Problem to detect and identify the possible inconsistencies between the specified policy and the firewall rule set.