Safe and Efficient Strategies for Updating Firewall Policies

Zeeshan Ahmed 1 Abdessamad Imine 1 Michaël Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. Much research has already addressed policy specification, conflict detection, and optimization but very little research is devoted to firewall policy deployment. Only recently, some researchers have proposed deployment strategies for two important classes of policy editing languages. In this report, we show that these strategies have serious flaws leading to security breaches. Then we provide correct, efficient and safe algorithms for both classes of languages. Our experimental results show that these algorithms are very fast and can be used safely even for deploying very large policies.
Document type:
[Research Report] RR-6940, INRIA. 2009, pp.19

Cited literature [19 references]
Contributor: Abdessamad Imine
Submitted on: Monday, 18 May 2009 - 17:08:35
Last modified on: Friday, 6 July 2018 - 15:06:10
Document(s) archived on: Wednesday, 22 September 2010 - 12:11:21


Files produced by the author(s)


  • HAL Id: inria-00381778, version 2


Zeeshan Ahmed, Abdessamad Imine, Michaël Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. [Research Report] RR-6940, INRIA. 2009, pp.19. 〈inria-00381778v2〉


