Skip to Main content Skip to Navigation
Conference papers

An inference system for detecting firewall filtering rules anomalies

Tarek Abbes Adel Bouhoula 1 Michael Rusinowitch 2 
2 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Firewalls are crucial equipments for protecting private networks. However by only deploying firewalls, administrators are far from securing their enterprises networks. Bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules lead to block legitimate traffic or to accept unwanted packets. We present in this paper a new classification method to detect overlaps between packet filters within one firewall. Our method processes a set of filtering rules that have a variable number of fields. A field has a range of values, represented by an interval or a variable length bit string, that may intersect with the corresponding field ranges of other rules. In order to detect overlaps we organize the conditions of each filtering rule in such a way that we can quickly separate non overlapping rules. This strategy allows us to avoid considering the entire rule header in many cases.
Document type :
Conference papers
Complete list of metadata
Contributor : Michaël Rusinowitch Connect in order to contact the contributor
Submitted on : Monday, October 13, 2008 - 11:59:48 AM
Last modification on : Friday, January 21, 2022 - 3:09:02 AM


  • HAL Id : inria-00329730, version 1


Tarek Abbes, Adel Bouhoula, Michael Rusinowitch. An inference system for detecting firewall filtering rules anomalies. 23rd Annual ACM Symposium on Applied Computing - SAC'08, 2008, Fortaleza, Brazil. pp.2122-2128. ⟨inria-00329730⟩



Record views