Detecting and resolving firewall policy anomalies

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Contribution to journalArticlepeer-review

92 Scopus citations

Abstract

The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.

Original languageEnglish (US)
Article number6143955
Pages (from-to)318-331
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Volume9
Issue number3
DOIs
StatePublished - Jan 1 2012

Keywords

  • Firewall
  • access control
  • policy anomaly management
  • visualization tool

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Detecting and resolving firewall policy anomalies'. Together they form a unique fingerprint.

Cite this