DocumentCode :
2411816
Title :
Automatic Conformance Verification of Distributed Firewalls to Security Requirements
Author :
Ben Souayeh Ben Youssef, Nihel ; Bouhoula, Adel
Author_Institution :
Higher Sch. of Commun. of Tunis (Sup'Com), Univ. of November 7th at Carthage, Carthage, Tunisia
fYear :
2010
fDate :
20-22 Aug. 2010
Firstpage :
834
Lastpage :
841
Abstract :
Distributed firewalls are often deployed by large enterprises to filter the network traffic. However, it has been observed that the resulting complex firewall network is highly error prone and causes serious security holes. Hence, automated solutions are needed in order to check its correctness. In this paper, we propose a formal and automatic method for checking whether distributed firewalls react correctly with respect to a security policy given in a high level declarative language. When errors are detected, some useful feedback is returned to the user in order to correct the firewall configurations. Furthermore, the procedure verifies that no conflicts exist within the security policy. We show that our method is both correct and complete. Finally, it has been implemented in a prototype of verifier based on a satisfiability solver modulo theories (SMT). Experiments conducted on relevant case studies demonstrate the efficiency of our approach.
Keywords :
authorisation; computability; conformance testing; distributed processing; program verification; automatic conformance verification; distributed firewalls; high level declarative language; satisfiability solver modulo theories; security requirements; Access control; Conferences; Fires; Prototypes; Routing; Social network services; SMT solver; computer security; distributed firewall configuration; formal verification; security policy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Social Computing (SocialCom), 2010 IEEE Second International Conference on
Conference_Location :
Minneapolis, MN
Print_ISBN :
978-1-4244-8439-3
Electronic_ISBN :
978-0-7695-4211-9
Type :
conf
DOI :
10.1109/SocialCom.2010.126
Filename :
5591454