Abstract
The challenge to address in multi-firewall and security gateway environment is to implement conflict-free policies, necessary to avoid security inconsistency, and to optimize, at the same time, performances in term of average filtering time, in order to make firewalls stronger against DoS and DDoS attacks. Additionally the approach should be real time, based on the characteristics of network traffic. Our work defines an algorithm to find conflict free optimized device rule sets in real time, by relying on information gathered from traffic analysis. We show results obtained from our test environment demonstrating for computational power savings up to 24% with fully conflict free device policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Hari, H.B., Suri, S., Parulkar, G.: Detecting and Resolving Packet Filter Conflicts. In: Proceedings of IEEE INFOCOM 2000, Tel Aviv (2000)
Al-Shaer, E., Hamed, H.: Modeling and Management of Firewall Policies. In: IEEE eTransactions on Network and Service Management, vol. 1-1 (2004)
Al-Shaer, E., Hamed, H., Boutaba, R., Hasan, M.: Conflict Classification and Analysis of Distributed Firewall Policies. IEEE Journal on Selected Areas in Communications 23(10) (2005)
Al-Shaer, E., Hamed, H.: Firewall Policy Advisor for Anomaly Detection and Rule Editing. In: Proceedings of IEEE/IFIP Integrated Management Conference (IM 2003), Colorado Springs (2003)
Ferraresi, S., Pesic, S., Trazza, L., Baiocchi, A.: Automatic Conflict Analysis and Resolution of Traffic Filtering Policy for Firewall and Security Gateway. In: IEEE International Conference on Communications 2007 (ICC 2007), Glasgow (2007)
Ferraresi, S., Francocci, E., Quaglini, A., Picasso, F.: Security Policy Tuning among IP Devices. In: Apolloni, B., Howlett, R.J., Jain, L. (eds.) KES 2007, Part II. LNCS (LNAI), vol. 4693. Springer, Heidelberg (2007)
Fulp, E.W.: Optimization of network firewall policies using directed acyclical graphs. In: Proceedings of the IEEE Internet Management Conference (2005)
Acharya, S., Wang, J., Ge, Z., Znati, T., Greenberg, A.: Simulation study of firewalls to aid improved performance. In: Proceedings of 39th Annual Simulation Symposium (ANSS 2006), Huntsville (2006)
Acharya, S., Wang, J., Ge, Z., Znati, T., Greenberg, A.: Traffic-aware firewall optimization Strategies. In: IEEE International Conference on Communications (ICC 2006), Istambul (2006)
Zhao, L., Inoue, Y., Yamamoto, H.: Delay reduction for linear-search based packet filters. In: International Technical Conference on Circuits/Systems, Computers and Communication (ITC-CSCC 2004), Japan (2004)
Hamed, H., Al-Shaer, E.: Dynamic rule ordering optimization for high speed firewall Filtering. In: ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2006), Taipei (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maiolini, G., Cignini, L., Baiocchi, A. (2009). Automated Framework for Policy Optimization in Firewalls and Security Gateways. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, Á. (eds) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS’08. Advances in Soft Computing, vol 53. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88181-0_17
Download citation
DOI: https://doi.org/10.1007/978-3-540-88181-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88180-3
Online ISBN: 978-3-540-88181-0
eBook Packages: EngineeringEngineering (R0)