A formal framework for verifying inter-firewalls consistency

Author

Moussa, Madeleine ; Ould-Slimane, Hakima ; Boucheneb, Hanifa ; Chamberland, Steven

Author_Institution

Dept. of Comput. & Software Eng., Polytech. Montreal, Montréal, ON, Canada

fYear

2014

fDate

23-26 June 2014

Firstpage

1

Lastpage

7

Abstract

The main problem of firewall configuration is to ensure the filtering rules consistency w.r.t. a global security policy. However, the overall firewalls configuration on a network, which requires a human intervention, is often an error-prone process. Therefore, automated solutions are needed in order to detect firewall configuration inconsistencies and to check the inter-firewalls consistency. In this paper, we propose a formal modeling and verification framework based on model checking. It allows to verify automatically the end-to-end security behavior of a set of firewalls w.r.t. a global security policy. To deal with state explosion problem, two abstractions are proposed and evaluated in term of space and time complexity, according to the network size and connectivity rate.

Keywords

computational complexity; firewalls; formal verification; connectivity rate; end-to-end security behavior; error-prone process; filtering rules consistency; firewall configuration inconsistency detection; formal modeling; formal verification framework; global security policy; human intervention; interfirewalls consistency verification; model checking; network size; space complexity; state explosion problem; time complexity; Automata; Explosions; Filtering; Firewalls (computing); Model checking; Network topology; Firewall; Model Checking; Security Policy;

fLanguage

English

Publisher

ieee

Conference_Titel

Computers and Communication (ISCC), 2014 IEEE Symposium on

Conference_Location

Funchal

Type

conf

DOI

10.1109/ISCC.2014.6912478

Filename

6912478