Complete Redundancy Detection in Firewalls
Authors
Abstract
Firewalls are safety-critical systems that secure most private networks. The function of a firewall is to examine each incoming and outgoing packet and decide whether to accept or to discard the packet. This decision is made according to a sequence of rules, where some rules may be redundant. Redundant rules significantly degrade the performance of firewalls. Previous work detects only two special types of redundant rules. In this paper, we solve the problem of how to detect all redundant rules. First, we give a necessary and sufficient condition for identifying all redundant rules. Based on this condition, we categorize redundant rules into upward redundant rules and downward redundant rules. Second, we present methods for detecting the two types of redundant rules respectively. Our methods make use of a tree representation of firewalls, which is called firewall decision trees.
Similar resources
Multiprimary Support for the Availability of Cluster-Based Stateful Firewalls Using FT-FW
Much research has been done with regard to firewalls during the last decade. Specifically, the main research efforts have focused on improving the computational complexity of packet classification and ensuring the rule-set consistency. Nevertheless, other aspects such as fault-tolerance of stateful firewalls still remain open. Continued availability of firewalls has become a critical factor for...
Redundancy and its forms in the last third of the Holy Quran
Recognizing the rhetoric sciences plays an important role in understanding facetiae and minutes of the Qur'an. One of the subdirectories of the semantics is "brevity, redundant and equality" that has long been of interest to scholars of rhetoric, so that some expert scholars have confined rhetoric to this discussion. Therefore in enumerating types of brevity, redundant and equality differe...
Firewalls Intrusion Detection Systems And Antivirus Software
This includes checking server and firewall logs, scrutinizing network traffic, firewalls, intrusion detection systems, cryptography systems and antivirus software. tutorials, software listings and reviews for information security professionals covering topics such as firewalls, viruses, intrusion detection and other security topics. WindowSecurity.com Readers' Choice Award Winner Email Anti Vir...
Dynamic Rule based Interfirewall Optimization using Redundancy Removal Algorithm
Firewall is a typical security system that extensively secures the private networks. The operation of a firewall is to analyze every packet and decide whether to accept or discard it based upon the firewall policy. This policy is specified as a set of rules. The work focuses on inter-firewall optimization over distinct administrative domain without exploiting the privacy policies. With the mass...
A graph theoretic model for hardware-based firewalls
Firewalls offer protection for private networks against external attacks. However, configuring firewalls is a difficult task. The reason is that the effects of a firewall configuration cannot be easily seen during the configuration time. As a result, errors and loopholes in firewall configurations, if they exist, are discovered only after they actually happen at the execution time. In this paper, w...
Journal title:
Volume, issue
Pages -
Publication date: 2005