Title :
Measuring firewall security
Author :
Al-Haj, Saeed ; Al-Shaer, Ehab
Author_Institution :
Dept. of Software & Inf. Syst., Univ. of North Carolina Charlotte, Charlotte, NC, USA
fDate :
Oct. 31 2011-Nov. 1 2011
Abstract :
In the recent years, more attention is given to firewalls as they are considered the corner stone in Cyber defense perimeters. The ability to measure the quality of protection of a firewall policy is a key step to assess the defense level for any network. To accomplish this task, it is important to define objective metrics that are formally provable and practically useful. In this work, we propose a set of metrics that can objectively evaluate and compare the hardness and similarities of access policies of single firewalls based on rules tightness, the distribution of the allowed traffic, and security requirements. In order to analyze firewall polices based on the policy semantic, we used a canonical representation of firewall rules using Binary Decision Diagrams (BDDs) regardless of the rules format and representation. The contribution of this work comes in measuring and comparing firewall security deterministically in term of security compliance and weakness in order to optimize security policy and engineering.
Keywords :
authorisation; binary decision diagrams; computer network security; BDD; binary decision diagram; cyber defense perimeter; firewall policy semantic; firewall security measurement; metrics set; Complexity theory; Data structures; Equations; Fires; Indexes; Measurement; Security;
Conference_Titel :
Configuration Analytics and Automation (SAFECONFIG), 2011 4th Symposium on
Conference_Location :
Arlington, VA
Print_ISBN :
978-1-4673-0401-6
Electronic_ISBN :
978-1-4673-0400-9
DOI :
10.1109/SafeConfig.2011.6111669
