Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Graph Visualization and Navigation in Information Visualization: A Survey
IEEE Transactions on Visualization and Computer Graphics
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Fast and scalable conflict detection for packet classifiers
Computer Networks: The International Journal of Computer and Telecommunications Networking
Firewall Design: Consistency, Completeness, and Compactness
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
Security Meter: A Practical Decision-Tree Model to Quantify Risk
IEEE Security and Privacy
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
ProgME: towards programmable network measurement
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
PolicyVis: firewall security policy visualization and inspection
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Complete analysis of configuration rules to guarantee reliable network security policies
International Journal of Information Security
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Policy segmentation for intelligent firewall testing
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Complete redundancy detection in firewalls
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
SP 800-55 Rev. 1. Performance Measurement Guide for Information Security
SP 800-55 Rev. 1. Performance Measurement Guide for Information Security
A general framework for benchmarking firewall optimization techniques
IEEE Transactions on Network and Service Management
| Hi-index | 0.00 |
Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).