Title :
Fault and leak tolerance in firewall engineering
Author :
Smith, Robert N. ; Bhattacharya, Sourav
Author_Institution :
Dept. of Comput. Sci. & Eng., Arizona State Univ., Tempe, AZ, USA
Abstract :
The idea and associated benefits of a Firewall cascade, with the firewalls (FWs) placed across a large complex network, distributed system has been proposed and evaluated by the authors (R.N. Smith and S. Bhattacharya, 1997). The paper extends the FW cascade approach to illustrate its applicability in a perspective of FW fault tolerance. We target the class of FW faults that are due to design errors, e.g., FW leaks. Given that most large complex FW designs are likely to contain design errors or leaks, the end-to-end security objective is how best to deploy a set of such potentially leaky FWs in a way that their net effect can seal or eliminate a majority of the FW leaks. The key idea of a FW cascade adding leak tolerance is due to the heterogeneity of different COTS FWs, as well as a higher assurance that not all distinct FWs are likely to contain identical leaks. The proposed capability in the paper enables a prudent design of a secure network that can scale along the levels of security needs, while maximizing performance, reducing cost and enhancing leak tolerance
Keywords :
computer network reliability; fault tolerant computing; security of data; COTS FWs; FW cascade approach; FW fault tolerance; Firewall cascade; design errors; distributed system; end-to-end security objective; fault tolerance; firewall engineering; large complex FW designs; large complex network; leak tolerance; secure network; security needs; Complex networks; Computer science; Costs; Data security; Design engineering; Fault tolerance; Hardware; Information security; Intelligent networks; Seals;
Conference_Titel :
High-Assurance Systems Engineering Symposium, 1998. Proceedings. Third IEEE International
Conference_Location :
Washington, DC
Print_ISBN :
0-8186-9221-9
DOI :
10.1109/HASE.1998.731603
