Safe and efficient strategies for updating firewall policies

Authors:
Zeeshan Ahmed;Abdessamad Imine;Michaël Rusinowitch
Affiliations:
INRIA Nancy Grand Est;INRIA Nancy Grand Est & Nancy-Université, France;INRIA Nancy Grand Est
Venue:
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Year:
2010

Citing 10
Cited 0

Fast and Scalable Conflict Detection for Packet Classifiers

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Permutation Editing and Matching via Embeddings

ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
ACLA: A framework for Access Control List (ACL) Analysis and Optimization

Proceedings of the IFIP TC6/TC11 International Conference on Communications and Multimedia Security Issues of the New Century
Fast Firewall Implementations for Software and Hardware-Based Routers

ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Firewall Design: Consistency, Completeness, and Compactness

ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Dynamic rule-ordering optimization for high-speed firewall filtering

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
On the Safety and Efficiency of Firewall Policy Deployment

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Modeling and Management of Firewall Policies

IEEE Transactions on Network and Service Management
Change-impact analysis of firewall policies

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. When activated in online mode, a firewall policy deployment is a very difficult and error-prone task. Indeed, it may result in self-Denial of Service (self-DoS) and/or temporary security breaches. In this paper, we provide correct, efficient and safe algorithms for two important classes of policy editing. Our experimental results show that these algorithms are fast and can be used safely even for deploying large policies.