A Semantic Firewall

The Internet is full of malicious agents looking for insecure systems they can exploit, for uses ranging from the distribution of illicit digital content to denial of service attacks on other sites. Most sites now use firewalls to prevent unsolicited access by external Internet users. However, these also prevent legitimate Grid applications from working. In response, Grid application developers are forced to use protocols previously considered safe by firewall administrators, but since crackers can also use these protocols, they must also soon be blocked at the firewall.We will develop a semantic firewall that operates in a more adaptive way to allow legitimate users to access Grid (and other) services, so avoiding the arms race that currently exists between network administrators, application developers and crackers. This will allow legitimate application developers to define policies for external access that can be implemented by network administrators (if they choose) in a way that is flexible and easy to use. The target is to relieve Grid developers from the need to implement access control in their applications, and restore control to the network administrator who can then remain responsible for preventing unwanted intrusions. Results will be released as open source to the community. In the longer term, the proposed research promises to enable innovative technology that will be pivotal for a successful future of e-Science, e-Health, e-Commerce and e-Government.