Verified iptables firewall analysis

Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

21 Scopus citations

Abstract

We present a fully verified firewall ruleset analysis framework. Ultimately, it computes minimal service matrices, i.e. graphs which partition the complete IPv4 address space and visualize the allowed accesses between partitions for a fixed service. Internally, we are working with a simplified firewall model and a core contribution is the translation of complex real-world iptables firewall rules into this model. The presented algorithms and translation are formally proven correct with the Isabelle theorem prover. A real-world evaluation demonstrates the applicability of our tool. Both the iptables-save datasets and the Isabelle formalization are publicly available.

Original languageEnglish
Title of host publication2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages252-260
Number of pages9
ISBN (Electronic)9783901882838
DOIs
StatePublished - 21 Jun 2016
Event2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016 - Vienna, Austria
Duration: 17 May 201619 May 2016

Publication series

Name2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016

Conference

Conference2016 IFIP Networking Conference (IFIP Networking) and Workshops, IFIP Networking 2016
Country/TerritoryAustria
CityVienna
Period17/05/1619/05/16

Fingerprint

Dive into the research topics of 'Verified iptables firewall analysis'. Together they form a unique fingerprint.

Cite this