Problem As a result,firewall rules are hard to specify correctly hard to understand correctly hard to change correctly ■ Consequently,firewall configuration errors are common -Most firewalls are poorly designed with errors [Wool04] Firewall errors are unacceptable -Accept malicious packets:lose security -Discard legitimate packets:disrupt business Problem:How to design firewalls? 66 Problem As a result, firewall rules are hard to specify correctly hard to understand correctly hard to change correctly Consequently, firewall configuration errors are common ─ Most firewalls are poorly designed with errors [Wool'04] Firewall errors are unacceptable ─ Accept malicious packets: lose security ─ Discard legitimate packets: disrupt business Problem: How to design firewalls?