DocumentCode :
3537560
Title :
A Fully Automatic Approach for Fixing Firewall Misconfigurations
Author :
Souayeh, N.B.Y.B. ; Bouhoula, Adel
Author_Institution :
Higher Sch. of Commun. of Tunis (Sup'Com), Univ. of Carthage, Tunis, Tunisia
fYear :
2011
fDate :
Aug. 31 2011-Sept. 2 2011
Firstpage :
461
Lastpage :
466
Abstract :
Firewalls are among the most important mechanisms used to enforce network security policies. However, it has been observed that most firewall policies on the Internet are poorly designed. A firewall error may allow the spread of malicious traffic or block legitimate traffic, causing serious damage. A major source of firewall misconfigurations stems from the logically entangled nature of firewall filtering rules. Moreover, updating filtering rules could introduce faults, which in turn could lead to irreparable consequences. Despite the importance of automatic correction of firewall configurations, this problem has not been explored in previous work. In this paper, we propose a formal and fully automatic approach for correcting a firewall during execution. We prove that our method is both correct and safe. For better efficiency, we also propose a rule-based optimization approach. Finally, our methods have been implemented in a prototype. The first results are very promising.
Keywords :
Internet; authorisation; computer networks; optimisation; Internet; firewall filtering rules; firewall misconfigurations; malicious traffic; network security policies; rule-based optimization approach; Fires; Optimization; Protocols; Security; Semantics; Servers; Firewall; SMT solver; formal verification; security policy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer and Information Technology (CIT), 2011 IEEE 11th International Conference on
Conference_Location :
Pafos
Print_ISBN :
978-1-4577-0383-6
Electronic_ISBN :
978-0-7695-4388-8
Type :
conf
DOI :
10.1109/CIT.2011.84
Filename :
6036810