Distributed firewalls are a traditional and very important information-security technique, but problems remain. Configuring distributed firewall policies correctly and keeping the filtering decisions of individual firewalls compatible with one another is cumbersome for administrators. To make firewall policies comparable, this paper presents the FPT (firewall policy tree) model, a construction algorithm that turns a firewall policy into a policy tree, and a comparison algorithm. Together, the two algorithms can be used to compare the policies of distributed firewalls. The comparison yields the set of packets on which different firewalls make inconsistent filtering decisions, and so reveals the inconsistencies in distributed firewall policies. The model could also be extended to packet classification systems for policy comparison.