A formal framework for verifying inter-firewalls consistency

ISCC(2014)

Abstract
The main problem of firewall configuration is to ensure the consistency of the filtering rules w.r.t. a global security policy. However, the overall configuration of the firewalls on a network, which requires human intervention, is often an error-prone process. Therefore, automated solutions are needed in order to detect firewall configuration inconsistencies and to check the inter-firewalls consistency. In this paper, we propose a formal modeling and verification framework based on model checking. It allows automatic verification of the end-to-end security behavior of a set of firewalls w.r.t. a global security policy. To deal with the state explosion problem, two abstractions are proposed and evaluated in terms of space and time complexity, according to the network size and connectivity rate.
Keywords
human intervention,connectivity rate,firewalls,interfirewalls consistency verification,formal verification framework,time complexity,model checking,global security policy,space complexity,error-prone process,security policy,firewall,formal modeling,computational complexity,network size,state explosion problem,filtering rules consistency,end-to-end security behavior,firewall configuration inconsistency detection,formal verification,network topology,filtering,automata