Title: Survey on the Use of Formal Languages/Models for the Specification, Verification, and Enforcement of Network Access-lists
Published: April 2006
Authors: Adel El-Atawy
Abstract: Complexity of access-lists and the diversity of their specifications are continuously increasing. Stating the high level requirements as well as verification of the implemented policies became an impossible task if human intervention is required. Also, proving the soundness of these inter-related and confusing policies is very hard without an appropriate framework. Therefore, a formal and canonical specification for security access-lists is highly needed for us to be able to specify requirements, verify correctness and enforce the policy.

In this paper, we present some of the work available in the literature that discusses these problems and propose solutions for having an automated network security policy management.
Keywords: Security Policy, Formal Models, Access Control, Access List
Full Paper: [pdf]