The Community for Technology Leaders
RSS Icon
Issue No.09 - September (2008 vol.19)
pp: 1237-1251
Firewalls are the mainstay of enterprise security and the most widely adopted technology for protecting private networks. An error in a firewall policy either creates security holes that will allow malicious traffic to sneak into a private network or blocks legitimate traffic and disrupts normal business processes, which in turn could lead to irreparable, if not tragic, consequences. It has been observed that most firewall policies on the Internet are poorly designed and have many errors. Therefore, how to design firewall policies correctly is an important issue. In this paper, we propose the method of diverse firewall design, which consists of three phases: a design phase, a comparison phase, and a resolution phase. In the design phase, the same requirement specification of a firewall policy is given to multiple teams who proceed independently to design different versions of the firewall policy. In the comparison phase, the resulting multiple versions are compared with each other to detect all functional discrepancies between them. In the resolution phase, all discrepancies are resolved and a firewall that is agreed upon by all teams is generated.
Security and Privacy Protection, Operating Systems Software/Software Engineering, Reliability, Configuration Management
Alex X. Liu, Mohamed G. Gouda, "Diverse Firewall Design", IEEE Transactions on Parallel & Distributed Systems, vol.19, no. 9, pp. 1237-1251, September 2008, doi:10.1109/TPDS.2007.70802
[1] E. Al-Shaer and H. Hamed, “Discovery of Policy Anomalies in Distributed Firewalls,” Proc. IEEE INFOCOM '04, pp. 2605-2616, Mar. 2004.
[2] H. Anderson and G. Hagelin, “Computer Controlled Interlocking System,” Ericsson Rev., vol. 2, 1981.
[3] A. Avizienis, “The N-Version Approach to Fault Tolerant Software,” IEEE Trans. Software Eng., vol. 11, no. 12, pp. 1491-1501, 1985.
[4] A. Avizienis, “The Methodology of N-Version Programming,” Software Fault Tolerance, Chapter 2, M.R. Lyu, ed., pp. 23-46, Wiley, 1995.
[5] Y. Bartal, A.J. Mayer, K. Nissim, and A. Wool, “Firmato: A Novel Firewall Management Toolkit,” Proc. IEEE Symp. Security and Privacy (S&P '99), pp. 17-31, 1999.
[6] R.E. Bryant, “Graph-Based Algorithms for Boolean Function Manipulation,” IEEE Trans. Computers, vol. 35, no. 8, pp. 677-691, 1986.
[7] A. Condor and G. Hinton, “Fault Tolerant and Fail-Safe Design ofCandu Computerized Shutdown Systems,” IAEA Specialist Meeting on Microprocessors Important to the Safety of Nuclear PowerPlants, May 1988.
[8] K. Fisler, S. Krishnamurthi, L. Meyerovich, and M. Tschantz, “Verification and Change Impact Analysis of Access-Control Policies,” Proc. 27th Int'l Conf. Software Eng. (ICSE '05), May 2005.
[9] M. Frantzen, F. Kerschbaum, E. Schultz, and S. Fahmy, “A Framework for Understanding Vulnerabilities in Firewalls Using a Dataflow Model of Firewall Internals,” Computers and Security, vol. 20, no. 3, pp. 263-270, 2001.
[10] M.G. Gouda and A.X. Liu, “Firewall Design: Consistency, Completeness and Compactness,” Proc. 24th IEEE Int'l Conf. Distributed Computing Systems (ICDCS '04), pp. 320-327, Mar. 2004.
[11] M.G. Gouda and A.X. Liu, “A Model of Stateful Firewalls and ItsProperties,” Proc. IEEE Int'l Conf. Dependable Systems and Networks (DSN '05), pp. 320-327, June 2005.
[12] M.G. Gouda and A.X. Liu, “Structured Firewall Design,” Computer Networks J., vol. 51, no. 4, pp. 1106-1120, Mar. 2007.
[13] P. Gupta, “Algorithms for Routing Lookups and Packet Classification,” PhD dissertation, Stanford Univ., 2000.
[14] P. Gupta and N. McKeown, “Algorithms for Packet Classification,” IEEE Network, vol. 15, no. 2, pp. 24-32, 2001.
[15] J.D. Guttman, “Filtering Postures: Local Enforcement for Global Policies,” Proc. IEEE Symp. Security and Privacy (S&P '97), pp.120-129, 1997.
[16] H. Hamed, E. Al-Shaer, and W. Marrero, “Modeling and Verification of IPsec and VPN Security Policies,” Proc. 13th IEEEInt'l Conf. Network Protocols (ICNP '05), pp. 259-278, Nov. 2005.
[17] S. Horwitz, “Identifying the Semantic and Textual Differences between Two Versions of a Program,” Proc. ACM Conf. Programming Language Design and Implementation (PLDI '90), pp. 234-245, 1990.
[18] S. Kamara, S. Fahmy, E. Schultz, F. Kerschbaum, and M. Frantzen, “Analysis of Vulnerabilities in Internet Firewalls,” Computers and Security, vol. 22, no. 3, pp. 214-232, 2003.
[19] A.X. Liu and M.G. Gouda, “Complete Redundancy Detection in Firewalls,” Proc. 19th Ann. IFIP Conf. Data and Applications Security, pp. 196-209, Aug. 2005.
[20] A.X. Liu, M.G. Gouda, H.H. Ma, and A.H. Ngu, “Firewall Queries,” Proc. Eighth Int'l Conf. Principles of Distributed Systems (OPODIS '04), pp. 124-139, Dec. 2004.
[21] D. Oppenheimer, A. Ganapathi, and D.A. Patterson, “Why Do Internet Services Fail, and What Can Be Done about It?” Proc. Fourth Usenix Symp. Internet Technologies and Systems (USITS '03), Mar. 2003.
[22] X. Ren, O.C. Chesley, and B.G. Ryder, “Using a Concept Lattice of Decomposition Slices for Program Understanding and Impact Analysis,” IEEE Trans. Software Eng., vol. 32, no. 9, pp. 718-732, 2006.
[23] F. Somenzi, Cudd: Cu Decision Diagram Package Release 2.4.1,, 2007.
[24] P. Traverse, “Airbus and ATR System Architecture and Specification,” Software Diversity in Computerized Control Systems, U. Voges, ed. Springer Verlag, 1988.
[25] M.A. Vouk, “On Back-to-Back Testing,” Proc. Third Ann. Conf. Computer Assurance (COMPASS '88), pp. 84-91, 1988.
[26] A. Wool, “A Quantitative Study of Firewall Configuration Errors,” Computer, vol. 37, no. 6, pp. 62-67, 2004.
[27] J. Xu and M. Singhal, “Design and Evaluation of a High-Performance ATM Firewall Switch and Its Applications,” IEEEJ. Selected Areas in Comm., vol. 17, no. 6, pp. 1190-1200, 1999.
[28] J. Xu and M. Singhal, “Design of a High-Performance ATM Firewall,” ACM Trans. Information and System Security, vol. 2, no. 3, pp. 269-294, 1999.
[29] L. Yuan, H. Chen, J. Mai, C.-N. Chuah, Z. Su, and P. Mohapatra, “Fireman: A Toolkit for Firewall Modeling and Analysis,” Proc. IEEE Symp. Security and Privacy (S&P '06), May 2006.
23 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool