A Unified Methodology for Verification and Synthesis of Firewall Configurations
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Automatic analysis of firewall and network intrusion detection system configurations
Journal of Computer Security - Formal Methods in Security Engineering Workshop (FMSE 04)
Firewalls offer protection for private networks against external attacks. However, configuring firewalls is a difficult task. The reason is that the effects of a firewall configuration cannot be easily seen at configuration time. As a result, errors and loopholes in firewall configurations, if any exist, are discovered only after they actually occur at execution time. In this paper, we propose a preliminary yet novel model and its methodology for hardware-based firewalls. Our model offers a precise and simple understanding of the effects of firewall configurations. Moreover, our methodology offers an analysis of the effects of firewall configurations. In particular, it provides reasoning about the correctness of firewall configurations. Also, the redundancy and inconsistency of firewall rules can be reasoned about. As a result, many kinds of errors and loopholes in firewall configurations can be detected at configuration time.