Title :
A formal framework for verifying inter-firewalls consistency
Author :
Moussa, Madeleine ; Ould-Slimane, Hakima ; Boucheneb, Hanifa ; Chamberland, Steven
Author_Institution :
Dept. of Comput. & Software Eng., Polytech. Montreal, Montréal, ON, Canada
Abstract :
The main problem of firewall configuration is to ensure the filtering rules consistency w.r.t. a global security policy. However, the overall firewalls configuration on a network, which requires a human intervention, is often an error-prone process. Therefore, automated solutions are needed in order to detect firewall configuration inconsistencies and to check the inter-firewalls consistency. In this paper, we propose a formal modeling and verification framework based on model checking. It allows to verify automatically the end-to-end security behavior of a set of firewalls w.r.t. a global security policy. To deal with state explosion problem, two abstractions are proposed and evaluated in term of space and time complexity, according to the network size and connectivity rate.
Keywords :
computational complexity; firewalls; formal verification; connectivity rate; end-to-end security behavior; error-prone process; filtering rules consistency; firewall configuration inconsistency detection; formal modeling; formal verification framework; global security policy; human intervention; interfirewalls consistency verification; model checking; network size; space complexity; state explosion problem; time complexity; Automata; Explosions; Filtering; Firewalls (computing); Model checking; Network topology; Firewall; Model Checking; Security Policy;
Conference_Titel :
Computers and Communication (ISCC), 2014 IEEE Symposium on
Conference_Location :
Funchal
DOI :
10.1109/ISCC.2014.6912478
