85 Citations (Scopus)

Abstract

The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.

Original language: English (US)
Article number: 6143955
Pages (from-to): 318-331
Number of pages: 14
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 9
Issue number: 3
DOIs: 10.1109/TDSC.2012.20
State: Published - 2012

Fingerprint

Industry
Service oriented architecture (SOA)
Cloud computing
Visualization
Experiments

Keywords

  • access control
  • Firewall
  • policy anomaly management
  • visualization tool

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Detecting and resolving firewall policy anomalies. / Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 9, No. 3, 6143955, 2012, p. 318-331.

Research output: Contribution to journal › Article

@article{d93b61a29ec2450a862fc92bd09d202b,
title = "Detecting and resolving firewall policy anomalies",
abstract = "The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.",
keywords = "access control, Firewall, policy anomaly management, visualization tool",
author = "Hongxin Hu and Gail-Joon Ahn and Ketan Kulkarni",
year = "2012",
doi = "10.1109/TDSC.2012.20",
language = "English (US)",
volume = "9",
pages = "318--331",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

TY - JOUR

T1 - Detecting and resolving firewall policy anomalies

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Kulkarni, Ketan

PY - 2012

Y1 - 2012

N2 - The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.

AB - The advent of emerging computing technologies such as service-oriented architecture and cloud computing has enabled us to perform business services more efficiently and effectively. However, we still suffer from unintended security leakages by unauthorized actions in business services. Firewalls are the most widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. Unfortunately, designing and managing firewall policies are often error prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. In this paper, we represent an innovative policy anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique, providing an intuitive cognitive sense about policy anomaly. We also discuss a proof-of-concept implementation of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME). In addition, we demonstrate how efficiently our approach can discover and resolve anomalies in firewall policies through rigorous experiments.

KW - access control

KW - Firewall

KW - policy anomaly management

KW - visualization tool

UR - http://www.scopus.com/inward/record.url?scp=84858632756&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84858632756&partnerID=8YFLogxK

U2 - 10.1109/TDSC.2012.20

DO - 10.1109/TDSC.2012.20

M3 - Article

AN - SCOPUS:84858632756

VL - 9

SP - 318

EP - 331

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

SN - 1545-5971

IS - 3

M1 - 6143955

ER -