Change-Impact Analysis of Firewall Policies

Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall depends directly on the quality of its policy (i.e., its configuration). Because tools for analyzing firewall policies have been lacking, most firewalls on the Internet have been plagued with policy errors. A firewall policy error either creates a security hole that lets malicious traffic into a private network, or blocks legitimate traffic and disrupts normal business processes; either outcome can have irreparable, if not tragic, consequences. A major source of policy errors is policy change: firewall policies must be changed as networks evolve and new threats emerge, and every change risks altering the fate of packets the administrator did not intend to touch. In this paper, we present the theory and algorithms for firewall policy change-impact analysis. Our algorithms take as input a firewall policy and a proposed change (a rule insertion, deletion or modification) and output the exact impact of the change, i.e., the set of packets whose accept/discard decision differs between the current policy and the changed one. A firewall administrator can thus verify a proposed change before committing it.
