• DocumentCode
    2135602
  • Title

    An enhanced algorithm for Firewall Policy Deployment

  • Author

    Kartit, A. ; El Marraki, M.

  • Author_Institution
    Fac. of Sci., Dept. of Comput. Sci., Univ. Mohammed V - Agdal Rabat, Rabat, Morocco
  • fYear
    2011
  • fDate
    7-9 April 2011
  • Firstpage
    1
  • Lastpage
    4
  • Abstract
    Policy deployment is the process by which policy editing commands are issued on firewall, so that the target policy becomes the running policy. The size and complexity of firewall policies require automated tools providing an adequate environment to specify, configure and deploy a target policy. In this paper, we make some contributions to the correctness of Firewall Policy Deployment. We show that the category of type I policy editing [2] is incorrect and could lead to security vulnerabilities. We then provide a correct algorithm for Type I Deployment called “Enhanced Scanning Deployment”. Our algorithm can be used even for the deployment of policies whose size is very large. Finally, we implement and evaluate the performances of the new algorithm.
  • Keywords
    computer network security; automated tool; enhanced scanning deployment; firewall policy deployment; policy editing command; type I policy editing; Filtering; Fires; IP networks; Optimization; Security; Transforms; Firewall Policy Management (FPM); Network Security (NS); Target Policy Deployment (TPD);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Multimedia Computing and Systems (ICMCS), 2011 International Conference on
  • Conference_Location
    Ouarzazate
  • ISSN
    Pending
  • Print_ISBN
    978-1-61284-730-6
  • Type

    conf

  • DOI
    10.1109/ICMCS.2011.5945704
  • Filename
    5945704
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2135602