An Application of Defeasible Logic Programming for Firewall Verification and Reconfiguration

  • Conference paper

Abstract

Firewalls are the frontier defense in network security. Firewalls provide a set of rules that identify how to handle individual data packets arriving at the network. Firewall configuration is becoming increasingly difficult. Filter properties called anomalies hint at possible conflicts between rules. An argumentation framework could provide ways of handling such conflicts. Verification of a firewall involves finding out whether anomalies exist or not. Reconfiguration involves removing critical anomalies discovered in the verification phase. In this paper, we show how a Defeasible Logic Programming approach with an underlying argumentation-based semantics could be applied for verification and reconfiguration of a firewall.



Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Rajkhowa, P., Hazarika, S.M., Simari, G.R. (2013). An Application of Defeasible Logic Programming for Firewall Verification and Reconfiguration. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_47

  • DOI: https://doi.org/10.1007/978-3-642-37949-9_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37948-2

  • Online ISBN: 978-3-642-37949-9

  • eBook Packages: Computer Science, Computer Science (R0)
