The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Formalizing Enterprise Firewall Management with Informal and Elastic Specifications

Research Areas: Network Security

Principal Investigator: Xiaokang Qiu

Managing enterprise network firewalls is an ad-hoc process today where administrators must extract policy relevant to their enterprises from thousands of natural language vendor documents and tailor them to their unique context. This project aims to achieve formal management of enterprise firewall policy when specifications are informal and incomplete. As the first step, we plan to design a domain specific language to describe elastic firewall specifications and develop a formal semantics for the language so that network operators can interactively describe their specifications and enterprise configurations can be formally and systematically checked.

 

Personnel

Other PIs: Sanjay Rao

Students: Chenan Wen Yizhan Qing

Keywords: firewall configuration; vendor documentation; large language models; network verification