Safe and Efficient Strategies for Updating Firewall Policies

Zeeshan Ahmed 1 Abdessamad Imine 1 Michael Rusinowitch 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. When activated in online mode, a firewall policy deployment is a very difficult and error-prone task. Indeed, it may result in self-Denial of Service (self-DoS) and/or temporary security breaches. In this paper, we provide correct, efficient and safe algorithms for two important classes of policy editing. Our experimental results show that these algorithms are fast and can be used safely even for deploying large policies.
Complete list of metadatas

https://hal.inria.fr/inria-00529077
Contributor : Abdessamad Imine <>
Submitted on : Sunday, October 24, 2010 - 6:23:47 PM
Last modification on : Friday, July 6, 2018 - 3:06:10 PM

Identifiers

  • HAL Id : inria-00529077, version 1

Citation

Zeeshan Ahmed, Abdessamad Imine, Michael Rusinowitch. Safe and Efficient Strategies for Updating Firewall Policies. 7th International Conference on Trust, Privacy & Security in Digital Business - TrustBus 2010, Aug 2010, Bilbao, Spain. pp.45-57. ⟨inria-00529077⟩

Share

Metrics

Record views

446