Model checking firewall policy configurations

Authors:
Alan Jeffrey;Tagbrid Samak
Affiliations:
Security Research Department, Bell Labs, Alcatel-Lucent, Lisle, IL;School of Computing, DePaul University, Chicago, IL
Venue:
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Year:
2009

Citing 12
Cited 0

Graph-Based Algorithms for Boolean Function Manipulation

IEEE Transactions on Computers
Automata on infinite objects

Handbook of theoretical computer science (vol. B)
Temporal and modal logic

Handbook of theoretical computer science (vol. B)
A machine program for theorem-proving

Communications of the ACM
Chaff: engineering an efficient SAT solver

Proceedings of the 38th annual Design Automation Conference
Firewall Security: Policies, Testing and Performance Evaluation

COMPSAC '00 24th International Computer Software and Applications Conference
Fang: A Firewall Analysis Engine

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Firewall Design: Consistency, Completeness, and Compactness

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Modeling and Verification of IPSec and VPN Security Policies

ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Architecting the Lumeta firewall analyzer

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A Formal Model for Network-Wide Security Analysis

ECBS '08 Proceedings of the 15th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The use of firewalls to enforce access control policies can result in extremely complex networks. Each individual firewall may have hundreds or thousands of rules, and when combined in a network, they may result in unexpected combined behavior. To mitigate this problem, there has been recent interest in the use of model checking techniques for analyzing the behavior of firewall policy configurations, and reporting anomaltis. Existing techniques for firewall policy analysis are based on decision diagrams, most normally reduced ordered Binary Decision Diagrams (BDDs). BDDs are a rich data structure, supporting more logical operations than just solving boolean formulae. Typically, search algorithms for boolean satisfiabillty (so-called SAT-solvers) outperform BDDs. In this paper, we show that the extra structure provided by BDDs is not necessary for firewall polley analysis, and that SAT solvers are sufficient. This argument is supported both by theoretical analysis and by experimental data.