Safe and Efficient Strategies for Updating Firewall Policies

Zeeshan Ahmed 1 Abdessamad Imine 1 Michael Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. When activated in online mode, a firewall policy deployment is a very difficult and error-prone task. Indeed, it may result in self-Denial of Service (self-DoS) and/or temporary security breaches. In this paper, we provide correct, efficient and safe algorithms for two important classes of policy editing. Our experimental results show that these algorithms are fast and can be used safely even for deploying large policies.
Type de document :
Communication dans un congrès
Sokratis K. Katsikas and Javier Lopez and Miguel Soriano. 7th International Conference on Trust, Privacy & Security in Digital Business - TrustBus 2010, Aug 2010, Bilbao, Spain. Springer, 6264, pp.45-57, 2010, Lecture Notes of Computer Science
Liste complète des métadonnées

https://hal.inria.fr/inria-00529077
Contributeur : Abdessamad Imine <>
Soumis le : dimanche 24 octobre 2010 - 18:23:47
Dernière modification le : vendredi 6 juillet 2018 - 15:06:10

Identifiants

  • HAL Id : inria-00529077, version 1

Citation

Zeeshan Ahmed, Abdessamad Imine, Michael Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. Sokratis K. Katsikas and Javier Lopez and Miguel Soriano. 7th International Conference on Trust, Privacy & Security in Digital Business - TrustBus 2010, Aug 2010, Bilbao, Spain. Springer, 6264, pp.45-57, 2010, Lecture Notes of Computer Science. 〈inria-00529077〉

Partager

Métriques

Consultations de la notice

408