TY - GEN
T1 - Automated Synthesis of Access Control Lists
AU - Liu, Xiao
AU - Holden, Brett
AU - Wu, Dinghao
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2018/6/21
Y1 - 2018/6/21
N2 - Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.
AB - Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL construction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EasyACL that synthesizes ACL rules automatically from natural language descriptions. EasyACL demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EasyACL supports multi-platform by an intermediate representation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. EasyACL enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.
UR - http://www.scopus.com/inward/record.url?scp=85049493985&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049493985&partnerID=8YFLogxK
U2 - 10.1109/ICSSA.2017.26
DO - 10.1109/ICSSA.2017.26
M3 - Conference contribution
AN - SCOPUS:85049493985
T3 - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017
SP - 104
EP - 109
BT - Proceedings - 2017 International Conference on Software Security and Assurance, ICSSA 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 3rd International Conference on Software Security and Assurance, ICSSA 2017
Y2 - 24 July 2017 through 25 July 2017
ER -