Title :
Distributed firewall anomaly detection through LTL model checking
Author :
Halle, Sylvain ; Ngoupe, Eric Lunaud ; Villemaire, Roger ; Cherkaoui, Omar
Author_Institution :
Univ. du Quebec a Chicoutimi, Chicoutimi, QC, Canada
Abstract :
An anomaly in a firewall is a relationship between two of its rules that may hint at a possible misconfiguration of its filter. While checking anomalies within a single firewall is well understood, identifying anomalies across multiple firewalls in a network is a much harder problem that has only been studied for restricted cases. In particular, we show that the correct identification of anomalies must take into account the routing function performed in each node of the network. We introduce a formal model of firewalls and routing tables that generalizes past work on the topic; in particular, we show how the detection of anomalies in this model reduces to the model checking of particular instances of Linear Temporal Logic formulæ. An implementation of an anomaly detector that leverages existing model checkers reveals that distributed anomalies can be identified at a reasonable cost.
Keywords :
firewalls; formal verification; telecommunication network routing; temporal logic; LTL model checking; distributed firewall anomaly detection; formal model; linear temporal logic; linear temporal logic formulæ; multiple firewalls; routing tables; Data structures; Detectors; Model checking; Radio frequency; Redundancy; Routing; Shadow mapping; Linear Temporal Logic; firewall; model checking; rules;
Conference_Titel :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1
