Eliza for Access Control Lists

Author:

Holden, Brett A

Area of Honors:

Security and Risk Analysis

Degree:

Bachelor of Science

Document Type:

Thesis

Thesis Supervisors:

Dinghao Wu, Thesis Supervisor
Dinghao Wu, Thesis Honors Advisor
Patrick Shih, Faculty Reader

Keywords:

eliza
programming in eliza
PiE
access control lists
acl
natural language programming
natural language translation

Abstract:

The network configuration languages used to create access control lists (ACLs) have a complex syntax of commands with tens of options, which make both construction and revision difficult. For this reason, ACLs have become a dark art. In light of this, we should find a comprehensible way to redesign the philosophy of ACL construction. Based on Eliza, the prototype of Artificial Intelligence and the subsequent work, Programming in Eliza (PiE), we propose a specific implementation of PiE for natural language programming of ACLs. PiE-ACL extends from PiE and PiE-LOGO to demonstrate the effectiveness of domain specific program synthesis. Through the use of natural language ACL rules can be constructed without using an excessive number of options or rigid syntax. In addition to ACL syntax for Cisco, PiE-ACL also supports syntax for Juniper devices as a reference for those working with multiple platforms. Furthermore, by introducing a “range” feature, we make it possible for users to apply configurations to a range of IP addresses in an abstracted batch, rather than tediously repeating commands. Lastly, PiE-ACL has reusable program code, making it easy to improve or implement in a related system. PiE-ACL enables end-users with no prior programming experience, and can shorten the learning period for experienced programmers as well.