Firewall policies definition tools: an implementation idea

We present some ideas for a declarative approach to the implementation of a tool to define firewall policies. Our aim is to show how a deductive system, such as a deductive database management system, can be used to build a tool that a firewall administrator can use to define its policy. We present a firewall example only to highlight the advantage of such type of approach as a policy definition tool. The deductive database system we have used, besides the obvious deductive capabilities, has the ability of structuring the necessary knowledge into parts, the capability of composing the parts together by means of importing mechanism and the ability to define and prove properties of the policy.