DocumentCode
239959
Title
Real time verification of firewalls with dynamic rulebase update
Author
Gawanmeh, Amjad ; Tahar, Sofiene
Author_Institution
Dept. of Electr. & Comput. Eng., Khalifa Univ. of Sci., Technol. & Res., Abu Dhabi, United Arab Emirates
fYear
2014
fDate
4-7 May 2014
Firstpage
1
Lastpage
6
Abstract
Firewalls provide the required security for private communication networks since they protect them from undesired traffic and unauthorized access. They are required to implement several security policies that are specified at a high level of abstraction. The verification of firewalls and the security policies they implement is a challenging problem because of the critical role of their dynamic operation. In this work, we introduce a novel method for verifying the correct implementation of security policies in firewalls. The method is used to show that, during the firewall runtime, security policies are implemented in the firewall rulebase with no conflicts. The method is tested on synthetic firewalls of practical size. The evaluation of this method shows its ability to verify real time security policy implementation in firewalls during their runtime.
Keywords
firewalls; formal verification; dynamic operation; dynamic rulebase update; firewalls; private communication network security; real time verification; security policies; Firewalls (computing); Heuristic algorithms; Ports (Computers); Protocols; Real-time systems; Runtime; Firewall Security; Formal Methods; Policy Verification;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering (CCECE), 2014 IEEE 27th Canadian Conference on
Conference_Location
Toronto, ON
ISSN
0840-7789
Print_ISBN
978-1-4799-3099-9
Type
conf
DOI
10.1109/CCECE.2014.6900958
Filename
6900958