Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs

Tapdiya, Ashish; Fulp, Errin W.

doi:10.1109/icccn.2009.5235232

Cited by 25 publications

(16 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Results presented here are most closely associated with the techniques developed in [10]. However, there are important differences between their and our methods.…”

Section: A Related Workmentioning

confidence: 95%

See 1 more Smart Citation

Fast and scalable method for resolving anomalies in firewall policies

Gobjuka

Ahmat

2011

2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

In this paper, we investigate the problem of improving the performance and scalability of large firewall policies that comprise thousands of rules by detecting and resolving any potential conflicts among them. We present a novel, highly scalable data structure that requires O(n) space where n is the number of rules in the policy to represent the dependency among rules. After that, we describe a practical heuristic that utilizes our data structure to find conflicting rules, and consequently find an optimal ordering of consistent ones. Our algorithm has time complexity O(n 2 log n), making it the fastest to-date known algorithm for firewall rule anomaly discovery and resolution. We validate the practicality of our algorithm through real-life firewall policies and synthetic firewall policies of large data. Performance results show that our heuristic algorithm achieves from 40% to 87% improvement in the number of comparisons overhead, comparatively with the original policies.

show abstract

“…Results presented here are most closely associated with the techniques developed in [10]. However, there are important differences between their and our methods.…”

Section: A Related Workmentioning

confidence: 95%

“…In this section, we focus our literature study on related research that is close to our work in the areas of firewall rule conflict detection and optimization analysis [1], [4], [6], [8] and [10].…”

Section: A Related Workmentioning

confidence: 99%

Fast and scalable method for resolving anomalies in firewall policies

Gobjuka

Ahmat

2011

2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)

View full text Add to dashboard Cite

show abstract

“…Tapdiya and Fulp used a directed acyclic graph (DAG) reflecting the rule dependencies of a rule set and rearranged the rules so as to reduce the cost of rule comparisons [5]. Their method takes a further O(n 3 ) time to reorder the rules associated with the DAG.…”

Section: Related Workmentioning

confidence: 99%

Optimization of packet filter with maintenance of rule dependencies

2013

View full text Add to dashboard Cite

show abstract

“…The authors of [12] presented a heuristic algorithm for optimized policy RR that is able to re-order a policy containing precedence relationships (or a sub-graph in the DAG) in such a way that the policy integrity is maintained. A short synopsis of the most important aspects of this algorithm is given below.…”

Section: A Dag-based Algorithmmentioning

confidence: 99%

Dynamic Ordering of Firewall Rules Using a Novel Swapping Window-based Paradigm

Mohan

Yazidi

Feng

et al. 2016

Proceedings of the 6th International Conference on Communication and Network Security

View full text Add to dashboard Cite

Designing and implementing efficient firewall strategies in the age of the Internet of Things (IoT) is far from trivial. This is because, as time proceeds, an increasing number of devices will be connected, accessed and controlled on the Internet.Additionally, an ever-increasingly amount of sensitive information will be stored on various networks. A good and efficient firewall strategy will attempt to secure this information, and to also manage the large amount of inevitable network traffic that these devices create. The goal of this paper is to propose a framework for designing optimized firewalls for the IoT. Further, by performing a rigorous suite of experiments, we demonstrate that both algorithms are capable of optimizing the constraints imposed for obtaining an efficient firewall.

show abstract

Towards Optimal Firewall Rule Ordering Utilizing Directed Acyclical Graphs

Cited by 25 publications

References 4 publications

Fast and scalable method for resolving anomalies in firewall policies

Fast and scalable method for resolving anomalies in firewall policies

Optimization of packet filter with maintenance of rule dependencies

Dynamic Ordering of Firewall Rules Using a Novel Swapping Window-based Paradigm

Contact Info

Product

Resources

About