Title :
Real time verification of firewalls with dynamic rulebase update
Author :
Gawanmeh, Amjad ; Tahar, Sofiene
Author_Institution :
Dept. of Electr. & Comput. Eng., Khalifa Univ. of Sci., Technol. & Res., Abu Dhabi, United Arab Emirates
Abstract :
Firewalls provide the required security for private communication networks since they protect them from undesired traffic and unauthorized access. They are required to implement several security policies that are specified at a high level of abstraction. The verification of firewalls and the security policies they implement is a challenging problem because of the critical role of their dynamic operation. In this work, we introduce a novel method for verifying the correct implementation of security policies in firewalls. The method is used to show that, during the firewall runtime, security policies are implemented in the firewall rulebase with no conflicts. The method is tested on synthetic firewalls of practical size. The evaluation of this method shows its ability to verify real time security policy implementation in firewalls during their runtime.
Keywords :
firewalls; formal verification; dynamic operation; dynamic rulebase update; firewalls; private communication network security; real time verification; security policies; Firewalls (computing); Heuristic algorithms; Ports (Computers); Protocols; Real-time systems; Runtime; Firewall Security; Formal Methods; Policy Verification;
Conference_Title :
Electrical and Computer Engineering (CCECE), 2014 IEEE 27th Canadian Conference on
Conference_Location :
Toronto, ON
Print_ISBN :
978-1-4799-3099-9
DOI :
10.1109/CCECE.2014.6900958