Title :
Analysis Methods of Firewall Policies by using Spatial Relationships between Filters
Author :
Yin, Yi ; Bhuvaneswaran, R.S. ; Katayama, Yasunao ; Takahashi, Naohisa
Author_Institution :
Dept. of Comput. Sci. & Eng., Nagoya Inst. of Technol.
Abstract :
Network security can be increased by filtering packets at a firewall. Packet filtering examines network packets and decides whether to accept or deny them, and these decisions are made according to policies that are established by the network administrator and implemented by specific filters. An administrator who finds it hard to understand and maintain a policy, will not easily find problems that occur when the filters are changed (added, deleted, or replaced) or when hierarchical firewalls are used and will therefore not be certain that the intended policies are implemented correctly and completely. In this paper, we consider the relations of filters as spatial relations, and propose three analysis methods (impact inferring, equality judgment, and composition analysis) to determine anomalies of firewall policies by using spatial relations between filters
Keywords :
authorisation; computer networks; decision making; filtering theory; telecommunication security; decision making; firewall policy; network security; packet filtering; spatial relationship; Computer networks; Computer science; Equations; Filtering; Filters; Production; Protocols; Wool;
Conference_Titel :
Signal Processing, Communications and Networking, 2007. ICSCN '07. International Conference on
Conference_Location :
Chennai
Print_ISBN :
1-4244-0997-7
Electronic_ISBN :
1-4244-0997-7
DOI :
10.1109/ICSCN.2007.350761
