> De : Marco Cremonini
>
> With a framework that maps policies at different logical
> levels, a partial automatic definition/verification of
> the security configuration with respect to the enterprise
> security policy (perhaps ...) could be done. We avoid
> fully automated solutions that have already proved to be
> a wrong path but still we could drive security
> configurations.


Maybe you could acheive that goal using different formal specification langages
and rules of implementation from one level to the other.

> Ok, I know that this is probably (or certainly) completely
> unrealistic because for real-world policies the complexity
> is still overwhelming, but, at least in theory, why not
> thinking to a layered security policy with every layer
> expressed with a language that people logically in charge
> of that layer can understand?


The software engineering academics have launch a "Verified Software Grand
Challenge" (http://qpq.csl.sri.com) to prove that formal theory and tools are
usable for software engineering (even big project). Maybe you could find some
support there...

Good luck!

Jean-Denis.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards