Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. It has been observed that most firewall policies on the Internet are poorly designed and have many errors. Therefore, how to design firewall policies correctly is an important issue. In this paper, we propose the method of diverse firewall design, which consists of three phases: a design phase, a comparison phase, and a resolution phase. In the design phase, the same requirement specification of a firewall policy is given to multiple teams who proceed independently to design different versions of the firewall policy. In the comparison phase, the resulting multiple versions are compared with each other to detect all functional discrepancies between them. In the resolution phase, all discrepancies are resolved and a firewall that is agreed upon by all teams is generated.
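The comparison phase described above can be illustrated with a small added example; it is not code from the paper and does not reproduce the paper's algorithm. It compares two first-match rule lists by cutting each field's domain at every rule boundary and testing one representative packet per resulting cell. The field names, toy domains, default-deny fallback and both team policies are constructed assumptions.

```python
from itertools import product

# Assumed toy domains: one source-address byte and the destination port.
FIELDS = {"src": (0, 255), "dport": (0, 65535)}

# Constructed sample policies from two teams; ranges are inclusive (lo, hi).
TEAM_A = [
    ({"src": (0, 255), "dport": (80, 80)}, "accept"),
    ({"src": (0, 255), "dport": (443, 443)}, "accept"),
    ({"src": (0, 255), "dport": (0, 65535)}, "discard"),
]
TEAM_B = [
    ({"src": (10, 20), "dport": (0, 65535)}, "discard"),  # B blocks a source range first
    ({"src": (0, 255), "dport": (80, 443)}, "accept"),    # B accepts the whole 80-443 span
    ({"src": (0, 255), "dport": (0, 65535)}, "discard"),
]

def decide(policy, packet):
    """First-match semantics: the first rule whose ranges all contain the packet wins."""
    for fields, decision in policy:
        if all(lo <= packet[f] <= hi for f, (lo, hi) in fields.items()):
            return decision
    return "discard"  # assumed default when no rule matches

def cells(policies, field):
    """Split a field's domain into intervals that no rule boundary crosses."""
    lo, hi = FIELDS[field]
    cuts = {lo, hi + 1}
    for policy in policies:
        for fields, _ in policy:
            a, b = fields[field]
            cuts.update((a, b + 1))
    pts = sorted(c for c in cuts if lo <= c <= hi + 1)
    return [(a, b - 1) for a, b in zip(pts, pts[1:])]

def discrepancies(p1, p2):
    """Return every cell of packet space on which the two policies decide differently."""
    names = list(FIELDS)
    out = []
    for combo in product(*(cells((p1, p2), f) for f in names)):
        # Each rule either covers a cell entirely or misses it, so one packet represents it.
        packet = {f: rng[0] for f, rng in zip(names, combo)}
        d1, d2 = decide(p1, packet), decide(p2, packet)
        if d1 != d2:
            out.append((dict(zip(names, combo)), d1, d2))
    return out

if __name__ == "__main__":
    for region, a, b in discrepancies(TEAM_A, TEAM_B):
        print(region, "team A:", a, "team B:", b)
```

Each reported region is a set of packets the teams must reconcile in the resolution phase; an empty result means the two versions are functionally equivalent over the modelled fields.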