Title :
An enhanced algorithm for Firewall Policy Deployment
Author :
Kartit, A. ; El Marraki, M.
Author_Institution :
Fac. of Sci., Dept. of Comput. Sci., Univ. Mohammed V - Agdal Rabat, Rabat, Morocco
Abstract :
Policy deployment is the process by which policy editing commands are issued on a firewall, so that the target policy becomes the running policy. The size and complexity of firewall policies require automated tools providing an adequate environment to specify, configure and deploy a target policy. In this paper, we make some contributions to the correctness of Firewall Policy Deployment. We show that the category of type I policy editing [2] is incorrect and could lead to security vulnerabilities. We then provide a correct algorithm for Type I Deployment called “Enhanced Scanning Deployment”. Our algorithm can be used even for the deployment of policies whose size is very large. Finally, we implement and evaluate the performance of the new algorithm.
Keywords :
computer network security; automated tool; enhanced scanning deployment; firewall policy deployment; policy editing command; type I policy editing; Filtering; Fires; IP networks; Optimization; Security; Transforms; Firewall Policy Management (FPM); Network Security (NS); Target Policy Deployment (TPD);
Conference_Title :
Multimedia Computing and Systems (ICMCS), 2011 International Conference on
Conference_Location :
Ouarzazate
Print_ISBN :
978-1-61284-730-6
DOI :
10.1109/ICMCS.2011.5945704