DocumentCode :
2262956
Title :
Firewall anomaly detection with a model checker for visibility logic
Author :
Khorchani, Bassam ; Hallé, Sylvain ; Villemaire, Roger
Author_Institution :
Univ. du Quebec a Chicoutimi, Chicoutimi, QC, Canada
fYear :
2012
fDate :
16-20 April 2012
Firstpage :
466
Lastpage :
469
Abstract :
An anomaly in a firewall is a relationship between two of its rules that may hint at a possible misconfiguration of its filter. One notable limitation of existing solutions for firewall analysis is that they provide algorithms tailored for the verification of specific anomalies. We introduce a modal logic, called Visibility Logic (VL), which can be used to express arbitrary patterns between rules inside a firewall. A model checker allows one to verify any formula expressed in visibility logic, of which traditional anomalies are merely particular instances, with running times of under one second for 1,500 rules.
Keywords :
computer network security; formal logic; formal verification; VL; anomaly verification; firewall analysis; firewall anomaly detection; modal logic; model checker; visibility logic; Boolean functions; Correlation; Data structures; Fires; IP networks; Redundancy; Shadow mapping; firewall; model checking; rules; visibility logic;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network Operations and Management Symposium (NOMS), 2012 IEEE
Conference_Location :
Maui, HI
ISSN :
1542-1201
Print_ISBN :
978-1-4673-0267-8
Electronic_ISBN :
1542-1201
Type :
conf
DOI :
10.1109/NOMS.2012.6211932
Filename :
6211932
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2262956
بازگشت