Skip to Main content Skip to Navigation
New interface
Conference papers

Safe and Efficient Strategies for Updating Firewall Policies

Zeeshan Ahmed 1 Abdessamad Imine 1 Michael Rusinowitch 1 
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. When activated in online mode, a firewall policy deployment is a very difficult and error-prone task. Indeed, it may result in self-Denial of Service (self-DoS) and/or temporary security breaches. In this paper, we provide correct, efficient and safe algorithms for two important classes of policy editing. Our experimental results show that these algorithms are fast and can be used safely even for deploying large policies.
Complete list of metadata
Contributor : Abdessamad Imine Connect in order to contact the contributor
Submitted on : Sunday, October 24, 2010 - 6:23:47 PM
Last modification on : Friday, January 21, 2022 - 3:08:57 AM


  • HAL Id : inria-00529077, version 1


Zeeshan Ahmed, Abdessamad Imine, Michael Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. 7th International Conference on Trust, Privacy & Security in Digital Business - TrustBus 2010, Aug 2010, Bilbao, Spain. pp.45-57. ⟨inria-00529077⟩



Record views