> De : Marco Cremonini
> With a framework that maps policies at different logical
> levels, a partial automatic definition/verification of
> the security configuration with respect to the enterprise
> security policy (perhaps ...) could be done. We avoid
> fully automated solutions that have already proved to be
> a wrong path but still we could drive security
> configurations.

Maybe you could acheive that goal using different formal specification langages
and rules of implementation from one level to the other.

> Ok, I know that this is probably (or certainly) completely
> unrealistic because for real-world policies the complexity
> is still overwhelming, but, at least in theory, why not
> thinking to a layered security policy with every layer
> expressed with a language that people logically in charge
> of that layer can understand?

The software engineering academics have launch a "Verified Software Grand
Challenge" (http://qpq.csl.sri.com) to prove that formal theory and tools are
usable for software engineering (even big project). Maybe you could find some
support there...

Good luck!

firewall-wizards mailing list