Sciweavers

ICC
2007
IEEE

Reducing the Size of Rule Set in a Firewall

A firewall’s complexity is known to increase with the size of its rule set. Complex firewalls are more likely to have configuration errors, which cause security loopholes. Until now, two rules could be merged into one only when they were exactly the same in all dimensions except one, for which the values of the two rules had to be adjacent to each other. In this paper, we propose a new and aggressive reduction algorithm which finds a group of rules and replaces it with a smaller new group so that the total size of the rule set can be reduced. This cannot be achieved by any previous work because all of them eliminate rules only when those rules are made redundant by other rules in the same rule set. The proposed algorithm is also orthogonal to the previous works, so it can be used to supplement them.

Key Words: firewall, rule management, network security
MyungKeun Yoon, Shigang Chen, Zhan Zhang
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors MyungKeun Yoon, Shigang Chen, Zhan Zhang