A Heuristic Process for Local Inconsistency Diagnosis in Firewall Rule Sets
نویسندگان
چکیده
منابع مشابه
A Heuristic Process for Local Inconsistency Diagnosis in Firewall Rule Sets
Writing and managing firewall ACLs are hard and error-prone tasks for a wide range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL implies in general a design error, and indicates that the firewall is accepting traffic that should be denied or vice versa. However, the administrator is who ultimately decides if an inconsistent rule is a fault or...
متن کاملA Heuristic Polynomial Algorithm for Local Inconsistency Diagnosis in Firewall Rule Sets
Firewall ACLs can contain inconsistencies. There is an inconsistency if different actions can be taken on the same flow of traffic, depending on the ordering of the rules. Inconsistent rules should be notified to the system administrator in order to remove them. Minimal diagnosis and characterization of inconsistencies is a combinatorial problem. Although many algorithms have been proposed to s...
متن کاملSemantics-Preserving Simplification of Real-World Firewall Rule Sets
The security provided by a firewall for a computer network almost completely depends on the rules it enforces. For over a decade, it has been a well-known and unsolved problem that the quality of many firewall rule sets is insufficient. Therefore, there are many tools to analyze them. However, we found that none of the available tools could handle typical, real-world iptables rulesets. This is ...
متن کاملEfficient Data Structures for Local Inconsistency Detection in Firewall ACL Updates
Filtering is a very important issue in next generation networks. These networks consist of a relatively high number of resource constrained devices and have special features, such as management of frequent topology changes. At each topology change, the access control policy of all nodes of the network must be automatically modified. In order to manage these access control requirements, Firewall...
متن کاملA Margin-based Model with a Fast Local Searchnewline for Rule Weighting and Reduction in Fuzzynewline Rule-based Classification Systems
Fuzzy Rule-Based Classification Systems (FRBCS) are highly investigated by researchers due to their noise-stability and interpretability. Unfortunately, generating a rule-base which is sufficiently both accurate and interpretable, is a hard process. Rule weighting is one of the approaches to improve the accuracy of a pre-generated rule-base without modifying the original rules. Most of the pro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of Networks
سال: 2009
ISSN: 1796-2056
DOI: 10.4304/jnw.4.8.698-710