DocumentCode :
3348509
Title :
Notice of Violation of IEEE Publication Principles
On the Safety and Efficiency of Firewall Policy Deployment
Author :
Sivasubramanian, Vinoth
Author_Institution :
Dept. of Comput. Sci. & Eng., Indian Inst. of Technol., Mumbai
fYear :
2008
fDate :
7-11 April 2008
Firstpage :
138
Lastpage :
152
Abstract :
Notice of Violation of IEEE Publication Principles

"On the Safety and Efficiency of Firewall Policy Deployment,"
by Vinoth Sivasubramaniam
In the Proceedings of the IEEE Network Operations and Management Symposium Workshops, 2008. NOMS Workshops 2008, pp.138-152, April 2008

After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles.

This paper is a duplication of the original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission.

Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article:

"On the Safety and Efficiency of Firewall Policy Deployment,"
by Charles C. Zhang, Marianne Winslett, and Carl A. Gunter,
in the Proceedings of the 2007 IEEE Symposium on Security and Privacy (SP07), May 2007, pp. 33-50.

Firewall policy management is challenging and error-prone. While ample research has led to tools for policy specification, correctness analysis, and optimization, few researchers have paid attention to firewall policy deployment, the process where a management tool edits a firewall's configuration to make it run the policies specified in the tool. In this paper, we provide the first formal definition and theoretical analysis of safety in firewall policy deployment. We show that naive deployment approaches can easily create a temporary security hole by permitting illegal traffic, or interrupt service by rejecting legal traffic during the deployment. We define safe and most-efficient deployments, and introduce the shuffling theorem as a formal basis for constructing deployment algorithms and proving their safety. We present efficient algorithms for constructing most-efficient deployments in popular policy editing languages. We show that in certain widely installed policy editing languages, a safe deployment is not always possible. We also show how to leverage existing diff algorithms to guarantee a safe, most efficient, and monotonic deployment in other editing languages.
Keywords :
authorisation; computer network management; telecommunication security; telecommunication traffic; firewall policy management; network management; network traffic; shuffling theorem;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Network Operations and Management Symposium Workshops, 2008. NOMS Workshops 2008. IEEE
Conference_Location :
Salvador da Bahia
Print_ISBN :
978-1-4244-2067-4
Type :
conf
DOI :
10.1109/NOMSW.2007.24
Filename :
4509940