SP
2006
IEEE

FIREMAN: A Toolkit for FIREwall Modeling and ANalysis

Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security. However, misconfigurations in firewalls are very common and significantly weaken the desired security. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating firewall configurations as specialized programs, FIREMAN applies static analysis techniques to check misconfigurations, such as policy violations, inconsistencies, and inefficiencies, in individual firewalls as well as among distributed firewalls. FIREMAN performs symbolic model checking of the firewall configurations for all possible IP packets and along all possible data paths. It is both sound and complete because of the finite state nature of firewall configurations. FIREMAN is implemented by modeling firewall rules using binary decision diagrams (BDDs), which have been used successfully in hardware verification and model checkin...
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where SP
Authors Lihua Yuan, Jianning Mai, Zhendong Su, Hao Chen, Chen-Nee Chuah, Prasant Mohapatra