Sciweavers

LISA
2007

Inferring Higher Level Policies from Firewall Rules

14 years 2 months ago
Inferring Higher Level Policies from Firewall Rules
Packet filtering firewall is one of the most important mechanisms used by corporations to enforce their security policy. Recent years have seen a lot of research in the area of firewall management. Typically, firewalls use a large number of low-level filtering rules which are configured using vendor-specific tools. System administrators start off by writing rules which implement the security policy of the organization. They add/delete/change order of rules as the requirements change. For example, when a new machine is added to the network, new rules might be added to the firewall to enable certain services to/from that machine. Making such changes to the low-level rules is complicated by the fact that the effect of a rule is dependent on its priority (usually determined by the position of the rule in the rule set). As the size and complexity of a rule set increase, it becomes difficult to understand the impact of a rule on the rule set. This makes management of rule sets more...
Alok Tongaonkar, Niranjan Inamdar, R. Sekar
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2007
Where LISA
Authors Alok Tongaonkar, Niranjan Inamdar, R. Sekar
Comments (0)