DocumentCode :
3244528
Title :
Reducing the Size of Rule Set in a Firewall
Author :
Myung Keun Yoon ; Shigang Chen ; Zhan Zhang
Author_Institution :
Univ. of Florida, Gainesville
fYear :
2007
fDate :
24-28 June 2007
Firstpage :
1274
Lastpage :
1279
Abstract :
A firewall's complexity is known to increase with the size of its rule set. Complex firewalls are more likely to have configuration errors, which cause security loopholes. Until now, two rules could be merged into one only when they are exactly the same in all dimensions except one, in which the values of the two rules must be adjacent to each other. In this paper, we propose a new and aggressive reduction algorithm which finds a group of rules and replaces it with a smaller new group so that the total size of the rule set can be reduced. This cannot be achieved by any previous work, because all of them eliminate rules only when these rules are made redundant by other rules in the same rule set. The proposed algorithm is also orthogonal to the previous works, so it can be used to supplement them.
Keywords :
authorisation; computer networks; configuration errors; firewall; rule management; rule set; security loopholes; Communications Society; Computer errors; Concrete; Information science; Information security; Merging; USA Councils; Virtual private networks; Wool; Writing;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location :
Glasgow
Print_ISBN :
1-4244-0353-7
Type :
conf
DOI :
10.1109/ICC.2007.215
Filename :
4288886