Article ID: 461838
Journal: Journal of Systems and Software
Published Year: 2012
Pages: 33 Pages
File Type: PDF

Abstract

Design, development, and maintenance of firewall ACLs are very hard and error-prone tasks. Two of the reasons for these difficulties are, on the one hand, the large gap between access control requirements and the complex, heterogeneous firewall platforms and languages and, on the other hand, the absence of ACL design, development and maintenance environments that integrate inconsistency and redundancy diagnosis. The use of modelling languages helps but, although several have been proposed, none has been widely adopted by industry due to a combination of factors: high complexity, lack of support for important firewall features, no integrated model validation stages, etc. In this paper, CONFIDDENT, a model-driven design, development and maintenance framework for layer-3 firewall ACLs, is proposed. The framework includes different modelling stages at different abstraction levels. In this way, inexperienced administrators can use more abstract models while experienced ones can refine them to include platform-specific features. CONFIDDENT includes different model diagnosis stages where administrators can check their models for inconsistencies and redundancies before the automatic generation of the ACL for one of the many market-leading firewall platforms currently supported.

► In this paper we propose CONFIDDENT, a model-driven firewall design and maintenance framework which can satisfy a wide spectrum of firewall administrators through several modelling stages, each with a different abstraction level.
► CONFIDDENT provides abstraction in both platform functionality and language syntax. CONFIDDENT is the most complete firewall modelling framework of those reviewed.
► CONFIDDENT includes a fault diagnosis stage at each modelling level. Diagnosis can even be run interactively while modelling (even during model maintenance) if the algorithms are efficient enough. Thanks to these stages, the administrator is able to correct these faults during modelling, and not in the generated ACL, which helps reduce the time and budget spent on this task.
► Through the use of complete meta-models for each of the supported firewall platforms, a direct import of firewall-specific ACLs with no information loss is possible via an inverse transformation.
► CONFIDDENT provides both a new level of administrator productivity and a new level of confidence in the ACLs.
