Analysis Methods of Firewall Policies by using Spatial Relationships between Filters

Author

Yin, Yi ; Bhuvaneswaran, R.S. ; Katayama, Yasunao ; Takahashi, Naohisa

Author_Institution

Dept. of Comput. Sci. & Eng., Nagoya Inst. of Technol.

fYear

2007

fDate

22-24 Feb. 2007

Firstpage

348

Lastpage

354

Abstract

Network security can be increased by filtering packets at a firewall. Packet filtering examines network packets and decides whether to accept or deny them, and these decisions are made according to policies that are established by the network administrator and implemented by specific filters. An administrator who finds it hard to understand and maintain a policy, will not easily find problems that occur when the filters are changed (added, deleted, or replaced) or when hierarchical firewalls are used and will therefore not be certain that the intended policies are implemented correctly and completely. In this paper, we consider the relations of filters as spatial relations, and propose three analysis methods (impact inferring, equality judgment, and composition analysis) to determine anomalies of firewall policies by using spatial relations between filters

Keywords

authorisation; computer networks; decision making; filtering theory; telecommunication security; decision making; firewall policy; network security; packet filtering; spatial relationship; Computer networks; Computer science; Equations; Filtering; Filters; Production; Protocols; Wool;

fLanguage

English

Publisher

ieee

Conference_Titel

Signal Processing, Communications and Networking, 2007. ICSCN '07. International Conference on

Conference_Location

Chennai

Print_ISBN

1-4244-0997-7

Electronic_ISBN

1-4244-0997-7

Type

conf

DOI

10.1109/ICSCN.2007.350761

Filename

4156643