Management and translation of filtering security policies

Author

Al-Shaer, Ehab S. ; Hamed, Hazem H.

Author_Institution

Sch. of Comput. Sci., Telecommun. & Inf. Syst., DePaul Univ., Chicago, IL, USA

Volume

1

fYear

2003

fDate

11-15 May 2003

Firstpage

256

Abstract

Firewalls are essential elements of security policy enforcement in modern networks. However, managing a filtering security policy, especially for enterprise networks, has become complex and error-prone. Filtering rules have to be carefully written and organized in order to correctly implement the security policy and avoid policy anomalies. In this paper, we present a set of techniques and algorithms that provide (1) automatic anomaly discovery for rule conflicts and potential problems in legacy firewalls, (2) anomaly-free policy editing for rule insertion, modification and removal, and (3) concise translation of filtering rules to high-level textual description for user visualization and verification. These techniques significantly simplify the management of any generic firewall policy written as filtering rules, while minimizing network vulnerability due to filtering policy misconfiguration.

Keywords

authorisation; computer network management; information filters; anomaly-free policy editing; automatic anomaly discovery; filtering policy misconfiguration; filtering security policy; firewall; high-level textual description; management; network vulnerability minimization; policy anomaly avoidance; rule insertion; rule modification; translation; user verification; user visualization; Computer errors; Computer network management; Computer science; Computer security; Filtering algorithms; Information security; Laboratories; Management information systems; Multimedia systems; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications, 2003. ICC '03. IEEE International Conference on

Print_ISBN

0-7803-7802-4

Type

conf

DOI

10.1109/ICC.2003.1204180

Filename

1204180