Abstract
Firewalls offer protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task, for two main reasons. One is that the effects of a firewall configuration cannot easily be seen at configuration time. The other is the lack of guidance to help in configuring firewalls. In this paper, we propose a general and unified methodology for the verification and the synthesis of firewall configurations. Our verification methodology offers a way to foresee and analyze the effects of firewall configurations at configuration time. Furthermore, our synthesis methodology can generate firewall configurations that satisfy users’ requirements. As a result, firewall configurations that are free of many kinds of errors and loopholes can be obtained easily.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Permpoontanalarp, Y., Rujimethabhas, C. (2001). A Unified Methodology for Verification and Synthesis of Firewall Configurations. In: Qing, S., Okamoto, T., Zhou, J. (eds) Information and Communications Security. ICICS 2001. Lecture Notes in Computer Science, vol 2229. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45600-7_36
DOI: https://doi.org/10.1007/3-540-45600-7_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42880-0
Online ISBN: 978-3-540-45600-1
eBook Packages: Springer Book Archive