An inference system for detecting firewall filtering rules anomalies

Tarek Abbes Adel Bouhoula 1 Michael Rusinowitch 2
2 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Firewalls are crucial equipments for protecting private networks. However by only deploying firewalls, administrators are far from securing their enterprises networks. Bad configurations may cause serious security breaches and network vulnerabilities. In particular, conflicting filtering rules lead to block legitimate traffic or to accept unwanted packets. We present in this paper a new classification method to detect overlaps between packet filters within one firewall. Our method processes a set of filtering rules that have a variable number of fields. A field has a range of values, represented by an interval or a variable length bit string, that may intersect with the corresponding field ranges of other rules. In order to detect overlaps we organize the conditions of each filtering rule in such a way that we can quickly separate non overlapping rules. This strategy allows us to avoid considering the entire rule header in many cases.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/inria-00329730
Contributor : Michaël Rusinowitch <>
Submitted on : Monday, October 13, 2008 - 11:59:48 AM
Last modification on : Friday, July 6, 2018 - 3:06:09 PM

Identifiers

  • HAL Id : inria-00329730, version 1

Citation

Tarek Abbes, Adel Bouhoula, Michael Rusinowitch. An inference system for detecting firewall filtering rules anomalies. 23rd Annual ACM Symposium on Applied Computing - SAC'08, 2008, Fortaleza, Brazil. pp.2122-2128. ⟨inria-00329730⟩

Share

Metrics

Record views

500