In this paper, we present a new framework to analyze firewall policy by using argumentation. At the core of this new idea is extending firewall rules with the concept of “reasons” and arguing about the reasons, not the rules. Depending on how the reasons are designed, the resulting framework can be useful in a number of ways: new anomalies in a firewall policy can be identified while, at the sa...

As firewalls have increased in power and flexibility, the complexity of configuring them correctly has grown significantly. An error in the firewall configuration can compromise the security of the system or interfere with normal network activity. The chance of an error increases when coordinating multiple firewalls, because the interaction between filters may hide errors more easily noticed on...

Internet-connected organizations often employ an Internet firewall to mitigate risks of system penetration, data theft, data destruction, and other security breaches. Conventional Internet firewalls, however, impose an overly simple inside-vs-outside model of security that is incompatible with many business practices that require extending limited trust to external entities, for example, suppli...

Security in computer networks is a very complex task especially if it is required to separate a corporate network from public Internet or to divide a company’s intranet into multiple zones with different security requirements. The network security policy that describes these security requirements is primarily presented in a high-level form. Also, the security policy is enforced using some low-l...

Software Defined Networking (SDN) is a current research trend that follows the ideology of physical separation of the control and data plane of the forwarding devices. SDN mainly advocates with two types of devices: (1) Controllers, that implement the control plane and (2) Switches, that perform the data plane operations. OpenFlow protocol (OFP) is the current standard through which controllers...

We present a new security technology called the Multilayer Firewall. We argue that it is useful in some situations for which other approaches, such as cryptographically protected communications, present operational or economic difficulties. In other circumstances a Multilayer Firewall can compliment such security technology by providing additional protection against intruder attacks. We first p...

Everyday the usages of the Internet increase and simply a world of the data become accessible. Network providers do not want to let the provided services to be used in harmful or terrorist affairs, so they used a variety of methods to protect the special regions from the harmful data. One of the most important methods is supposed to be the firewall. Firewall stops the transfer of such packets t...

High-performance firewalls can benefit from the increasing size, speed and flexibility of advanced reconfigurable hardware. However, direct translation of conventional firewall rules in a router-based rule set often leads to inefficient hardware implementation. Moreover, such lowlevel description of firewall rules tends to be difficult to manage and to extend. We describe a framework, based on ...