Abstract
Computer applications are becoming more and more advanced, pushing
the evolution of security mechanisms in computer networks. For two
decades one of the most widespread and efficient security mechanisms
has been the network firewall. To keep up with the ever-changing threat landscape, more security features than ever before have been implemented in the firewall, creating a new generation of firewalls named next-generation firewalls.
The increasing number of next-generation firewalls hitting the commercial market shows that most vendors have their own definition of which features a next-generation firewall should hold. While most traditional firewalls generally operate by utilizing the same properties, such a common platform has yet to be established among next-generation firewalls.
By gathering features from various next-generation firewall products, the possibilities for a common platform are investigated. This platform forms the basis for a universal high-level language, a language designed to build and deploy security policies across vendor platforms.
To show how this universal language can be used in a real-world setting, an expandable software prototype tool has been developed, designed to convert policies written in the universal language into operational policies used in firewalls. Language qualities, as well as significant differences between the prototype and vendor tools, are measured and analysed through a series of experiments.
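As an added illustration of the compile-to-vendor idea described above (not the thesis's prototype, nor its language): a tiny hypothetical universal rule syntax is parsed into a vendor-neutral representation and then emitted for two backends, iptables and pf. The rule syntax, the function names and the sample policy are assumptions made here.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    proto: str   # "tcp" or "udp"
    src: str     # source network in CIDR notation, or "any"
    dport: int   # destination port

def parse_policy(text):
    """Parse the hypothetical universal language: one 'action proto src dport' rule per line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("allow", "deny") or parts[1] not in ("tcp", "udp"):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        if parts[2] != "any":
            ipaddress.ip_network(parts[2])  # raises ValueError on a bad network
        port = int(parts[3])
        if not 0 < port <= 65535:
            raise ValueError(f"line {lineno}: bad port {port}")
        rules.append(Rule(parts[0], parts[1], parts[2], port))
    return rules

def to_iptables(rules):
    """iptables backend: first match wins, so rules are emitted in policy order."""
    out = ["iptables -P INPUT DROP"]  # default deny so the policy fails closed
    for r in rules:
        target = "ACCEPT" if r.action == "allow" else "DROP"
        src = "" if r.src == "any" else f" -s {r.src}"
        out.append(f"iptables -A INPUT -p {r.proto}{src} --dport {r.dport} -j {target}")
    return out

def to_pf(rules):
    """pf backend: last match wins by default, so 'quick' is added to keep policy order."""
    out = ["block in all"]  # default deny
    for r in rules:
        verb = "pass" if r.action == "allow" else "block"
        out.append(f"{verb} in quick proto {r.proto} from {r.src} to any port {r.dport}")
    return out
# Constructed sample policy (not from the thesis): SSH only from one subnet, DNS from anywhere.
SAMPLE_POLICY = """
allow tcp 10.0.0.0/24 22   # management subnet
deny  tcp any 22
allow udp any 53
"""
```

The two backends differ in match order (iptables stops at the first matching rule, pf keeps evaluating unless `quick` is set), so a translator has to normalise this or the same policy means different things on the two platforms.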