DocumentCode :
1870190
Title :
Novel algorithm for detecting conflicts in firewall rules
Author :
Gawanmeh, Amjad ; Tahar, Sofiene
Author_Institution :
Dept. of Electr. & Comput. Eng., Khalifa Univ. of Sci., Sharjah, United Arab Emirates
fYear :
2012
fDate :
April 29 2012-May 2 2012
Firstpage :
1
Lastpage :
4
Abstract :
Firewalls are widely adopted for protecting private networks by filtering out undesired network traffic in and out of secured networks. Therefore, they play an important role in the security of communication systems. The verification of firewalls is a great challenge because of the dynamic characteristics of their operation, because their configuration is highly error prone, and finally because they are considered the first defense to secure networks against attacks and unauthorized access. In this paper, we present a formal model for the firewall rulebase and a novel algorithm for detecting and identifying conflicts in the firewall rulebase. Our algorithm is based on calculating the conflict set of firewall configurations using the domain restriction. We show that the algorithm terminates, then we apply it on a firewall rulebase example.
Keywords :
computer network security; telecommunication traffic; communication system security; conflict detection; domain restriction; firewall configurations; firewall verification; firewalls rulebase formal model; network traffic; private network protection; Complexity theory; Computers; Conferences; Heuristic algorithms; IEEE Computer Society Press; IP networks; Security; Firewall security; Formal model; Formal verification; Rulebase conflict;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Electrical & Computer Engineering (CCECE), 2012 25th IEEE Canadian Conference on
Conference_Location :
Montreal, QC
ISSN :
0840-7789
Print_ISBN :
978-1-4673-1431-2
Electronic_ISBN :
0840-7789
Type :
conf
DOI :
10.1109/CCECE.2012.6334998
Filename :
6334998