Formal security policy implementations in network firewalls

Network security should be based around formal security policies. From high-level natural language, non-technical, policies created by management, down to device and vendor specific policies, or configurations, written by network system administrators. There exists a multitude of research into policy-based network systems which has been undertaken. This paper provides an overview of the different type of policies relating to security in networks, and a taxonomy of the research into systems which have been proposed to support the network administrators in difficult tasks of creating, managing and deploying these policies.