A General Framework For Managing Firewall Policy Anomalies

International Journal of Computer Trends and Technology (IJCTT)
© October Issue 2013 by IJCTT Journal
Volume-4 Issue-10
Year of Publication: 2013
Authors: Deepak Pedapenki, Sheikh Gouse, R. Manasa Annapurna


Deepak Pedapenki, Sheikh Gouse, R. Manasa Annapurna, "A General Framework For Managing Firewall Policy Anomalies," International Journal of Computer Trends and Technology (IJCTT), V4(10):3607-3613, October Issue 2013. ISSN 2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract: Enterprise applications can be integrated to form chains of businesses. Distributed computing technologies make this possible, enabling applications to interact with each other irrespective of the platform on which they are built. Although this is very useful in the real world, such applications face security problems. To overcome these problems, many networks use firewalls that monitor incoming and outgoing flows. However, the efficiency of a firewall depends on its security policies: higher-quality policies configured in the firewall increase the level of security. To achieve this, policies have to be created with as many rules as required. Such security policies are complex in nature but provide higher-quality rules to protect the systems. Nevertheless, it is a proven fact that creating and maintaining firewall policies is error-prone. The reason is that firewall policies are very complex; the lack of sophisticated tool support is also a problem. In this paper we present a framework for firewall policy management. The technique used by the framework is "rule-based segmentation", which can effectively identify anomalies in firewall policies. We implemented the firewall policy management framework in a custom Java simulator. The prototype application is used to demonstrate the proof of concept. The simulation results revealed that the framework is able to detect and resolve anomalies in firewall policies.



Keywords: Firewall, security, policy management