Reasoning about firewall policies through refinement and composition

Network and host-based access controls, for example, firewall systems, are important points of security-demarcation, operating as a front-line defence for networks and networked systems. A firewall policy is conventionally defined as a sequence of order-dependent rules, and when a network packet matches two or more policy rules, the policy is anomalous. Policies for access-control mechanisms may consist of thousands of access-control rules, and correct management is complex and error-prone. We argue that a firewall policy should be anomaly-free by construction, and as such, there is a need for a firewall policy language that allows for constructing, comparing, and composing anomaly-free policies. In this paper, an algebra is proposed for constructing and reasoning about anomaly-free firewall policies. Based on the notion of refinement as safe replacement, the algebra provides operators for sequential composition, union and intersection of policies. The effectiveness of the algebra is demonstrated by its application to anomaly detection and standards compliance. The effectiveness of the approach in practice is evaluated through a mapping to/from iptables. The algebra is used to specify and reason about iptables firewall policy configurations. A prototype policy management toolkit has been implemented.
