DOI: 10.1145/1866898.1866902
research-article

FAME: a firewall anomaly management environment

Published: 04 October 2010

Abstract

Firewalls are a widely deployed security mechanism to ensure the security of private networks in most businesses and institutions. The effectiveness of security protection provided by a firewall mainly depends on the quality of the policy configured in the firewall. However, designing and managing firewall policies is often error-prone due to the complex nature of firewall configurations as well as the lack of systematic analysis mechanisms and tools. This paper presents an innovative anomaly management framework for firewalls, adopting a rule-based segmentation technique to identify policy anomalies and derive effective anomaly resolutions. In particular, we articulate a grid-based representation technique for providing an intuitive cognitive sense about policy anomalies and facilitating efficient policy anomaly management. In addition, we demonstrate the feasibility and applicability of our framework through a proof-of-concept prototype of a visualization-based firewall policy analysis tool called Firewall Anomaly Management Environment (FAME).


Published In

SafeConfig '10: Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
October 2010
98 pages
ISBN:9781450300933
DOI:10.1145/1866898
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. anomaly management
  2. firewall policies
  3. visualization tool

Qualifiers

  • Research-article

Conference

CCS '10

Acceptance Rates

Overall Acceptance Rate 22 of 61 submissions, 36%
