Firewalls and Security Gateways are core elements in network security infrastructure. As networks and services become more complex, managing access-list rules becomes an error-prone task. Conflicts in a policy can cause holes in security, and can often be hard to find while performing only visual or manual inspection. First, we have defined a methodology to systematically classify the severity of rule conflicts; secondly, we have proposed two different solutions to automatically resolve conflicts in a firewall. For one of them we found an algebraic proof of the existence of the solution and the convergence of the algorithm, and then we have made a software implementation to test it. © 2007 IEEE.
Automatic conflict analysis and resolution of traffic filtering policy for firewall and Security Gateway / FERRARESI, SIMONE; S., Pesic; L., Trazza; BAIOCCHI, Andrea. - (2007), pp. 1304-1310. (Paper presented at the IEEE International Conference on Communications (ICC 2007), held in Glasgow, United Kingdom, June 24-28, 2007) [10.1109/icc.2007.220].
Automatic conflict analysis and resolution of traffic filtering policy for firewall and Security Gateway
FERRARESI, SIMONE; BAIOCCHI, Andrea
2007