Firewalls are core elements in network security. However, managing firewall rules, particularly in multifirewall enterprise networks, has become a complex and error-prone task. Firewall filtering rules have to be written, ordered, and distributed carefully in order to avoid firewall policy anomalies that might cause network vulnerability. Therefore, inserting or modifying filtering rules in any firewall requires thorough intrafirewall and interfirewall analysis to determine the proper rule placement and ordering in the firewalls. In this paper, we identify all anomalies that could exist in a single- or multifirewall environment. We also present a set of techniques and algorithms to automatically discover policy anomalies in centralized and distributed firewalls. These techniques are implemented in a software tool called the "Firewall Policy Advisor" that simplifies the management of filtering rules and maintains the security of next-generation firewalls.