Range searching and point location among fat objects
Journal of Algorithms
Algorithms for Improving the Dependability of Firewall and Filter Rule Lists
DSN '00 Proceedings of the 2000 International Conference on Dependable Systems and Networks (formerly FTCS-30 and DCCA-8)
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Algorithms for routing lookups and packet classification
Algorithms for routing lookups and packet classification
Firewall Design: Consistency, Completeness, and Compactness
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Topological transformation approaches to optimizing TCAM-based packet classification systems
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Firewall policy verification and troubleshooting
Computer Networks: The International Journal of Computer and Telecommunications Networking
Formal Verification of Security Policy Implementations in Enterprise Networks
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
FAME: a firewall anomaly management environment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Reconciling multiple IPsec and firewall policies
Proceedings of the 15th international conference on Security protocols
Topological transformation approaches to TCAM-based packet classification
IEEE/ACM Transactions on Networking (TON)
MIRAGE: a management tool for the analysis and deployment of network security policies
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Towards filtering and alerting rule rewriting on single-component policies
SAFECOMP'06 Proceedings of the 25th international conference on Computer Safety, Reliability, and Security
Firewall policy change-impact analysis
ACM Transactions on Internet Technology (TOIT)
Bit weaving: a non-prefix approach to compressing packet classifiers in TCAMs
IEEE/ACM Transactions on Networking (TON)
Change-impact analysis of firewall policies
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Firewall packet filtering optimization using statistical traffic awareness test
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
On the notion of redundancy in access control policies
Proceedings of the 18th ACM symposium on Access control models and technologies
A ternary unification framework for optimizing TCAM-based packet classification systems
ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems
| Hi-index | 0.00 |
Firewalls are safety-critical systems that secure most private networks. The function of a firewall is to examine each incoming and outgoing packet and decide whether to accept or to discard the packet. This decision is made according to a sequence of rules, where some rules may be redundant. Redundant rules significantly degrade the performance of firewalls. Previous work detects only two special types of redundant rules. In this paper, we solve the problem of how to detect all redundant rules. First, we give a necessary and sufficient condition for identifying all redundant rules. Based on this condition, we categorize redundant rules into upward redundant rules and downward redundant rules. Second, we present methods for detecting the two types of redundant rules respectively. Our methods make use of a tree representation of firewalls, which is called firewall decision trees.