Safe and Efficient Strategies for Updating Firewall Policies - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Rapport (Rapport De Recherche) Année : 2009

Safe and Efficient Strategies for Updating Firewall Policies

Résumé

Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. Much research has already addressed policy specification, conflict detection, and optimization but very little research is devoted to firewall policy deployment. Only recently, some researchers have proposed deployment strategies for two important classes of policy editing languages. In this report, we show that these strategies have serious flaws leading to security breaches. Then we provide correct, efficient and safe algorithms for both classes of languages. Our experimental results show that these algorithms are very fast and can be used safely even for deploying very large policies.
Fichier principal
Vignette du fichier
RR-6940.pdf (191.48 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

inria-00381778 , version 1 (06-05-2009)
inria-00381778 , version 2 (18-05-2009)

Identifiants

  • HAL Id : inria-00381778 , version 2

Citer

Zeeshan Ahmed, Abdessamad Imine, Michaël Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. [Research Report] RR-6940, INRIA. 2009, pp.19. ⟨inria-00381778v2⟩
160 Consultations
359 Téléchargements

Partager

Gmail Facebook X LinkedIn More