FAME: A firewall anomaly management environment

Hongxin Hu; Gail-Joon Ahn; Ketan Kulkarni

doi:10.1145/1866898.1866902

FAME: A firewall anomaly management environment

Hongxin Hu, Gail-Joon Ahn, Ketan Kulkarni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

18 Scopus citations

Abstract

Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

Original language	English (US)
Title of host publication	Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
Pages	17-26
Number of pages	10
DOIs	https://doi.org/10.1145/1866898.1866902
State	Published - Dec 20 2010
Event	3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 - Chicago, IL, United States Duration: Oct 4 2010 → Oct 8 2010

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10
Country	United States
City	Chicago, IL
Period	10/4/10 → 10/8/10

Keywords

anomaly management
firewall policies
visualization tool

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1145/1866898.1866902

Fingerprint Dive into the research topics of 'FAME: A firewall anomaly management environment'. Together they form a unique fingerprint.

Cite this

Hu, H., Ahn, G-J., & Kulkarni, K. (2010). FAME: A firewall anomaly management environment. In Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 (pp. 17-26). [1866902] (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1866898.1866902

FAME : A firewall anomaly management environment. / Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan.

Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10. 2010. p. 17-26 1866902 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hu, H, Ahn, G-J & Kulkarni, K 2010, FAME: A firewall anomaly management environment. in Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10., 1866902, Proceedings of the ACM Conference on Computer and Communications Security, pp. 17-26, 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10, Chicago, IL, United States, 10/4/10. https://doi.org/10.1145/1866898.1866902

@inproceedings{b6d0552d903441619b7aa2880063feaf,

title = "FAME: A firewall anomaly management environment",

abstract = "Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).",

keywords = "anomaly management, firewall policies, visualization tool",

author = "Hongxin Hu and Gail-Joon Ahn and Ketan Kulkarni",

year = "2010",

month = dec,

day = "20",

doi = "10.1145/1866898.1866902",

language = "English (US)",

isbn = "9781450300933",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "17--26",

booktitle = "Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10",

note = "3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10 ; Conference date: 04-10-2010 Through 08-10-2010",

}

TY - GEN

T1 - FAME

T2 - 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

AU - Kulkarni, Ketan

PY - 2010/12/20

Y1 - 2010/12/20

N2 - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

AB - Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of policy configured in the firewall. However, designing and managing firewall policies are often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper represents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomaly and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).

KW - anomaly management

KW - firewall policies

KW - visualization tool

UR - http://www.scopus.com/inward/record.url?scp=78650166376&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650166376&partnerID=8YFLogxK

U2 - 10.1145/1866898.1866902

DO - 10.1145/1866898.1866902

M3 - Conference contribution

AN - SCOPUS:78650166376

SN - 9781450300933

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 17

EP - 26

BT - Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, SafeConfig '10, Co-located with CCS'10

Y2 - 4 October 2010 through 8 October 2010

ER -