Automatic verification of conformance of firewall configurations to security policies

Author

Ben Youssef, Nihel ; Bouhoula, Adel ; Jacquemard, Florent

Author_Institution

Higher Sch. of Commun. of Tunis, Tunis, Tunisia

fYear

2009

fDate

5-8 July 2009

Firstpage

526

Lastpage

531

Abstract

The configuration of firewalls is highly error prone and automated solution are needed in order to analyze its correctness. We propose a formal and automatic method for checking whether a firewall reacts correctly with respect to a security policy given in an high level declarative language. When errors are detected, some feedback is returned to the user in order to correct the firewall configuration. Furthermore, the procedure verifies that no conflicts exist within the security policy. We show that our method is both correct and complete. Finally, it has been implemented in a prototype of verifier based on a satisfiability solver modulo theories (SMT). Experiment conducted on relevant case studies demonstrate the efficiency and scalability of the approach.

Keywords

authorisation; computability; computer networks; formal verification; telecommunication security; SMT; automatic verification; firewall configuration; high level declarative language; satisfiability solver modulo theory; security policy; Error correction; Feedback; Filtering; Formal verification; High level languages; Prototypes; Scalability; Security; Surface-mount technology; SMT solver; firewall configuration; formal verification; security; security policy;

fLanguage

English

Publisher

ieee

Conference_Titel

Computers and Communications, 2009. ISCC 2009. IEEE Symposium on

Conference_Location

Sousse

ISSN

1530-1346

Print_ISBN

978-1-4244-4672-8

Electronic_ISBN

1530-1346

Type

conf

DOI

10.1109/ISCC.2009.5202309

Filename

5202309