Title :
A graph theoretic model for hardware-based firewalls
Author :
Permpoontanalarp, Yongyuth ; Rujimethabhas, Chaiwat
Author_Institution :
Logic & Security Lab., King Mongkut's Inst. of Technol., Bangkok, Thailand
Abstract :
Firewalls offer protection for private networks against external attacks. However, configuring firewalls is a difficult task, because the effects of a firewall configuration cannot easily be seen at configuration time. As a result, errors and loopholes in firewall configurations, if they exist, are discovered only after they manifest at execution time. We propose a preliminary yet novel model, and an accompanying methodology, for hardware-based firewalls. Our model offers a precise and simple understanding of the effects of firewall configurations. Moreover, our methodology offers an analysis of those effects. In particular, it supports reasoning about the correctness of firewall configurations, and about the redundancy and inconsistency of firewall rules. As a result, many kinds of errors and loopholes in firewall configurations can be detected at configuration time.
Keywords :
authorisation; business communication; computer networks; graph theory; network topology; telecommunication security; conformance testing; errors detection; firewall configuration; firewall rules inconsistency; graph theoretic model; hardware-based firewalls; loopholes detection; network topology; private networks; redundancy; Computer errors; Computer networks; Computer security; Filtering; Information security; Internet; Logic; Network servers; Protection;
Conference_Title :
Ninth IEEE International Conference on Networks (ICON 2001), Proceedings
Print_ISBN :
0-7695-1187-4
DOI :
10.1109/ICON.2001.962345