Semantics-preserving simplification of real-world firewall rule sets

Cornelius Diekmann, Lars Hupel, Georg Carle

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

5 Zitate (Scopus)

Abstract

The security provided by a firewall for a computer network almost completely depends on the rules it enforces. For over a decade, it has been a well-known and unsolved problem that the quality of many firewall rule sets is insufficient. Therefore, there are many tools to analyze them. However, we found that none of the available tools could handle typical, real-world iptables rulesets. This is due to the complex chain model used by iptables, but also to the vast amount of possible match conditions that occur in real-world firewalls, many of which are not understood by academic and open source tools. In this paper, we provide algorithms to transform firewall rulesets. We reduce the execution model to a simple list model and use ternary logic to abstract over all unknownmatch conditions.These transformations enable existingtools tounderstandreal-worldfirewall rules,whichwe demonstrate on four decently-sized rulesets. Using the Isabelle theorem prover, we formally showthat all our algorithms preserve the firewall’s filtering behavior.

OriginalspracheEnglisch
TitelFM 2015
UntertitelFormal Methods - 20th International Symposium, Proceedings
Redakteure/-innenNikolaj Bjorner, Frank de Boer
Herausgeber (Verlag)Springer Verlag
Seiten195-212
Seitenumfang18
ISBN (elektronisch)9783319192482
DOIs
PublikationsstatusVeröffentlicht - 2015
Veranstaltung20th International Symposium on Formal Methods, FM 2015 - Oslo, Norwegen
Dauer: 24 Juni 201526 Juni 2015

Publikationsreihe

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band9109
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349

Konferenz

Konferenz20th International Symposium on Formal Methods, FM 2015
Land/GebietNorwegen
OrtOslo
Zeitraum24/06/1526/06/15

Fingerprint

Untersuchen Sie die Forschungsthemen von „Semantics-preserving simplification of real-world firewall rule sets“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren