Abstract:
Corporate networks are often complex and can include a large number of firewalls that need to be set up and configured; these firewalls may be based on different systems, so different languages must be used to write the rules. This makes the job of a network administrator hard, since s/he needs to know a large number of languages to set up the network correctly and keep it up to date.
Mignis is a semantic-based tool for firewall configuration developed by the security group of Ca’ Foscari. It provides a simple firewall language that is very easy to learn and use. Unfortunately, Mignis is at the moment usable only for Netfilter-based Linux firewalls, since its implementation translates the rules using iptables commands.
In this thesis we present a new multi-target compiler for the Mignis language, completely rewritten in order to easily support a translation of Mignis into different target languages; with this approach a network administrator can use a single language to write all the firewall rules of a network (regardless of its complexity) and then compile them into different target languages.
Mignis is “a semantic based tool for firewall configuration” and allows firewall rules to be written in a simple language that is very easy to learn and use. Unfortunately, Mignis is at the moment usable only when the final rules are to be applied to a Netfilter firewall, since its implementation translates the rules only using iptables commands.
In this thesis we present a new compiler for the Mignis language, completely rewritten in order to easily support a translation of Mignis into different target languages; with this approach a network administrator can use only one language to write all the firewall rules of a network (regardless of its complexity) and then compile them into different target languages.