Automatic Verification of Conformance of Firewall Configurations to Security Policies

Nihel Ben Youssef 1 Adel Bouhoula 1 Florent Jacquemard 2
2 DAHU - Verification in databases
LSV - Laboratoire Spécification et Vérification [Cachan], ENS Cachan - École normale supérieure - Cachan, Inria Saclay - Ile de France, CNRS - Centre National de la Recherche Scientifique : UMR8643
Abstract : The configuration of firewalls is highly error prone and automated solution are needed in order to analyze its correctness. We propose a formal and automatic method for checking whether a firewall reacts correctly wrt a security policy given in an high level declarative language. When errors are detected, some feedback is returned to the user in order to correct the firewall configuration. Furthermore, the procedure verifies that no conflicts exist within the security policy. We show that our method is both correct and complete. Finally, it has been implemented in a prototype of verifier based on a satisfiability solver modulo theories (SMT). Experiment conducted on relevant case studies demonstrate the efficiency and scalability of the approach.
Type de document :
Communication dans un congrès
IEEE Symposium on Computers and Communications (ISCC), Jul 2009, Sousse, Tunisia. IEEE Computer Society Press, pp.526-531, 2009, 〈http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5202309〉. 〈10.1109/ISCC.2009.5202309〉
Liste complète des métadonnées

Littérature citée [12 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00578926
Contributeur : Florent Jacquemard <>
Soumis le : mardi 22 mars 2011 - 16:40:49
Dernière modification le : jeudi 11 janvier 2018 - 06:22:14
Document(s) archivé(s) le : jeudi 23 juin 2011 - 02:51:42

Fichier

paper8.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Nihel Ben Youssef, Adel Bouhoula, Florent Jacquemard. Automatic Verification of Conformance of Firewall Configurations to Security Policies. IEEE Symposium on Computers and Communications (ISCC), Jul 2009, Sousse, Tunisia. IEEE Computer Society Press, pp.526-531, 2009, 〈http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5202309〉. 〈10.1109/ISCC.2009.5202309〉. 〈inria-00578926〉

Partager

Métriques

Consultations de la notice

161

Téléchargements de fichiers

532