Designing Reliable Web Security Systems Using Rule-Based Systems Approach
This paper shows that rule-based web security systems, such as firewalls, can be largely improved by using formal design and verification techniques. The principal idea consists of an integrated design and verification methodology, supported by an integrated graphical environment for rule-based systems development. System structure is described in a XML-based meta-level knowledge representation language. System domain knowledge and semantics is represented in RDF and Ontologies-based description. Formal properties of the system can be verified on-line by an integrated Prolog-based inference engine.
KeywordsSecurity Policy Intrusion Detection System Decision Table Principal Idea Graphical Environment
Unable to display preview. Download preview PDF.
- 3.Ligeza, A.: Logical support for design of rule-based systems. Reliability and quality issues, ECAI-96 Workshop on Validation, Verification and Refinement of Knowledge-based Systems, ECAI’96, 1996, Budapest, 28–34.Google Scholar
- 4.Ligeza, A.: Intelligent data and knowledge analysis and verification; towards a taxonomy of specific problems. In , 1999, 313–325.Google Scholar
- 5.Vermesan, A. and F. Coenen (Eds.): Validation and Verification of Knowledge Based Systems — Theory, Tools and Practice. Kluwer Academic Publishers, Boston, 1999.Google Scholar
- 6.de Hoog, R.: Methodologies for Building Knowledge-Based Systems: Achievements and Prospectus. A Chapter in .Google Scholar
- 9.Ligeza A, Wojnicki I., Nalepa G.J., Tab-Trees: a CASE tool for the design of extended tabular systems Database and expert systems applications: 12th International Conference, DEXA 2001: Munich, September 3–5, 2001,: proceedings / eds. Heinrich C. Mayr [et al.]. — Berlin: Springer, 2001. — (Lecture Notes in Computer Science; 2113).Google Scholar
- 10.Nalepa G.J., Ligeza A, Graphical CASE tools for integrated design and verification of rule-based systems, Symposium on Methods of Artificial Intelligence: proceedings/ eds. Burczynski T. [et al.], Silesian University of Technology, Polish Association for Computational Mechanics, Gliwice, 2001.Google Scholar
- 11.Wielinga B. J., Schreiber A. Th. Breuker J. A.: KADS: A modeling approach to knowledge engineering. Readings in Knowledge Acquisition and Learning, Morgan Kaufmann 1992, Los Altos, CA.Google Scholar
- 12.Lee K. J., Boley H., Tabet S.: Issues in Semantic Web-based E-Commerce and Rule Markup Languages, ICEC 2001, Workshop on Semantic Web-based E-Commerce and Rules Markup Languages, November 2nd, 2001, Vienna, Austria.Google Scholar
- 13.Roesch M., Green C.,: Snort Users Manual Snort Release: 1.9.1, http://www.snort.org — The Open Source Network Intrusion Detection System, 2002.
- 14.Ott A., Fischer-Hubner S.: The Rule Set Based Access Control (RSBAC) Framework for Linux, Karlstad University Studies, 2001, (http://www.rsbac.org).
- 15.Siminski R.: Knowledge-base verification based on the decision unit concept, Proceedings of Knowledge Engineering and Expert Systems, Z. Bubnicki and A. Grzech (Eds.), Wroclaw, 2000, Vol. II, 73–80 (in Polish).Google Scholar