Internet packet filter management and rectangle geometry
SODA '01 Proceedings of the twelfth annual ACM-SIAM symposium on Discrete algorithms
IEEE Transactions on Visualization and Computer Graphics
PortVis: a tool for port-based detection of security events
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Modeling and Verification of IPSec and VPN Security Policies
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
Visual Firewall: Real-time Network Security Monito
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Preserving the Big Picture: Visual Network Traffic Analysis with TN
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Interactively combining 2D and 3D visualization for network traffic monitoring
Proceedings of the 3rd international workshop on Visualization for computer security
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Policy segmentation for intelligent firewall testing
NPSEC'05 Proceedings of the First international conference on Secure network protocols
OPODIS'04 Proceedings of the 8th international conference on Principles of Distributed Systems
Conflict classification and analysis of distributed firewall policies
IEEE Journal on Selected Areas in Communications
Visualization based policy analysis: case study in SELinux
Proceedings of the 13th ACM symposium on Access control models and technologies
ENAVis: enterprise network activities visualization
LISA'08 Proceedings of the 22nd conference on Large installation system administration conference
Security audits of multi-tier virtual infrastructures in public infrastructure clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
FAME: a firewall anomaly management environment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Managing networks through context: Graph visualization and exploration
Computer Networks: The International Journal of Computer and Telecommunications Networking
Could firewall rules be public – a game theoretical perspective
Security and Communication Networks
Visual analysis of complex firewall configurations
Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Aluminum: principled scenario exploration through minimality
Proceedings of the 2013 International Conference on Software Engineering
| Hi-index | 0.00 |
Firewalls have an important role in network security. However, managing firewall policies is an extremely complex task because the large number of interacting rules in single or distributed firewalls significantly increases the possibility of policy misconfiguration and network vulnerabilities. Moreover, due to low-level representation of firewall rules, the semantic of firewall policies become very incomprehensible, which makes inspecting of firewall policy's properties a difficult and error-prone task. In this paper, we propose a tool called PolicyVis which visualizes firewall rules and policies in such a way that efficiently enhances the understanding and inspecting firewall policies. Unlike previous works that attempt to validate or inspect firewall rules based on specific queries or errors, our approach is to visualize firewall policies to enable the user to place general inquiry such as "does my policy do what I intend to do" unrestrictedly. We describe the design principals in PolicyVis and provide concepts and examples dealing with firewall policy's properties, rule anomalies and distributed firewalls. As a result, PolicyVis considerably simplifies the management of firewall policies and hence effectively improves the network security.