Automated Synthesis of Access Control Lists

Xiao Liu, Brett Holden, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.

Original languageEnglish (US)
Title of host publicationProceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages104-109
Number of pages6
ISBN (Electronic)9781538648087
DOIs
StatePublished - Jun 21 2018
Event3rd International Conference on Software Security and Assurance, ICSSA 2017 - Altoona, United States
Duration: Jul 24 2017Jul 25 2017

Publication series

NameProceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017

Other

Other3rd International Conference on Software Security and Assurance, ICSSA 2017
CountryUnited States
CityAltoona
Period7/24/177/25/17

Fingerprint

Access control
Encapsulation
Artificial intelligence

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Liu, X., Holden, B., & Wu, D. (2018). Automated Synthesis of Access Control Lists. In Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017 (pp. 104-109). (Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSSA.2017.26
Liu, Xiao ; Holden, Brett ; Wu, Dinghao. / Automated Synthesis of Access Control Lists. Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 104-109 (Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017).
@inproceedings{ed49b9e86e054bd78313f7df3027da77,
title = "Automated Synthesis of Access Control Lists",
abstract = "Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.",
author = "Xiao Liu and Brett Holden and Dinghao Wu",
year = "2018",
month = "6",
day = "21",
doi = "10.1109/ICSSA.2017.26",
language = "English (US)",
series = "Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "104--109",
booktitle = "Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017",
address = "United States",

}

Liu, X, Holden, B & Wu, D 2018, Automated Synthesis of Access Control Lists. in Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017. Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017, Institute of Electrical and Electronics Engineers Inc., pp. 104-109, 3rd International Conference on Software Security and Assurance, ICSSA 2017, Altoona, United States, 7/24/17. https://doi.org/10.1109/ICSSA.2017.26

Automated Synthesis of Access Control Lists. / Liu, Xiao; Holden, Brett; Wu, Dinghao.

Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017. Institute of Electrical and Electronics Engineers Inc., 2018. p. 104-109 (Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Automated Synthesis of Access Control Lists

AU - Liu, Xiao

AU - Holden, Brett

AU - Wu, Dinghao

PY - 2018/6/21

Y1 - 2018/6/21

N2 - Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.

AB - Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.

UR - http://www.scopus.com/inward/record.url?scp=85049493985&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85049493985&partnerID=8YFLogxK

U2 - 10.1109/ICSSA.2017.26

DO - 10.1109/ICSSA.2017.26

M3 - Conference contribution

AN - SCOPUS:85049493985

T3 - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017

SP - 104

EP - 109

BT - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Liu X, Holden B, Wu D. Automated Synthesis of Access Control Lists. In Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017. Institute of Electrical and Electronics Engineers Inc. 2018. p. 104-109. (Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017). https://doi.org/10.1109/ICSSA.2017.26