Abstract:
In the recent years, more attention is given to firewalls as they are considered the corner stone in Cyber defense perimeters. The ability to measure the quality of prote...View moreMetadata
Abstract:
In the recent years, more attention is given to firewalls as they are considered the corner stone in Cyber defense perimeters. The ability to measure the quality of protection of a firewall policy is a key step to assess the defense level for any network. To accomplish this task, it is important to define objective metrics that are formally provable and practically useful. In this work, we propose a set of metrics that can objectively evaluate and compare the hardness and similarities of access policies of single firewalls based on rules tightness, the distribution of the allowed traffic, and security requirements. In order to analyze firewall polices based on the policy semantic, we used a canonical representation of firewall rules using Binary Decision Diagrams (BDDs) regardless of the rules format and representation. The contribution of this work comes in measuring and comparing firewall security deterministically in term of security compliance and weakness in order to optimize security policy and engineering.
Date of Conference: 31 October 2011 - 01 November 2011
Date Added to IEEE Xplore: 26 December 2011
ISBN Information: