Reports (Research report)

Safe and Efficient Strategies for Updating Firewall Policies

Zeeshan Ahmed 1, Abdessamad Imine 1, Michaël Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. Much research has already addressed policy specification, conflict detection, and optimization but very little research is devoted to firewall policy deployment. Only recently, some researchers have proposed deployment strategies for two important classes of policy editing languages. In this report, we show that these strategies have serious flaws leading to security breaches. Then we provide correct, efficient and safe algorithms for both classes of languages. Our experimental results show that these algorithms are very fast and can be used safely even for deploying very large policies.

Cited literature [19 references]
Contributor : Abdessamad Imine
Submitted on : Monday, May 18, 2009 - 5:08:35 PM
Last modification on : Wednesday, October 26, 2022 - 8:16:37 AM
Long-term archiving on : Wednesday, September 22, 2010 - 12:11:21 PM




  • HAL Id : inria-00381778, version 2


Zeeshan Ahmed, Abdessamad Imine, Michaël Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. [Research Report] RR-6940, INRIA. 2009, pp.19. ⟨inria-00381778v2⟩


