
Authors: S. Pozo ; A. J. Varela-Vaca ; R. M. Gasca and R. Ceballos

Affiliation: University of Seville, Spain

Keyword(s): Isolation, Inconsistency, Conflict, Anomaly, Firewall, ACL, Ruleset.

Related Ontology Subjects/Areas/Topics: Access Control ; Data and Systems Security ; Data Engineering ; Databases and Data Security ; Information and Systems Security ; Internet Technology ; Security Verification and Validation ; Web Information Systems and Technologies

Abstract: Writing and managing firewall ACLs are hard, tedious, time-consuming and error-prone tasks for a wide range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL generally implies a design fault, and indicates that the firewall is accepting traffic that should be denied or vice versa. This can result in severe problems such as unwanted accesses to services, denial of service, overflows, etc. However, it is the administrator who ultimately decides whether an inconsistent rule is a fault or not. Although many algorithms to detect and manage inconsistencies in firewall ACLs have been proposed, they have different drawbacks regarding different aspects of the consistency diagnosis problem, which can prevent their use in a wide range of real-life situations. In this paper, we review these algorithms along with their drawbacks, and propose a new divide and conquer based algorithm, which uses specialized abstract data types. The proposed algorithm returns consistency results over the original ACL. Its computational complexity is better than that of the current best algorithm for inconsistency isolation, as experimental results will also show.

CC BY-NC-ND 4.0


Paper citation in several formats:
Pozo, S.; J. Varela-Vaca, A.; M. Gasca, R. and Ceballos, R. (2009). EFFICIENT ALGORITHMS AND ABSTRACT DATA TYPES FOR LOCAL INCONSISTENCY ISOLATION IN FIREWALL ACLS. In Proceedings of the International Conference on Security and Cryptography (ICETE 2009) - SECRYPT; ISBN 978-989-674-005-4; ISSN 2184-3236, SciTePress, pages 42-53. DOI: 10.5220/0002233100420053

@conference{secrypt09,
author={S. Pozo. and A. {J. Varela{-}Vaca}. and R. {M. Gasca}. and R. Ceballos.},
title={EFFICIENT ALGORITHMS AND ABSTRACT DATA TYPES FOR LOCAL INCONSISTENCY ISOLATION IN FIREWALL ACLS},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2009) - SECRYPT},
year={2009},
pages={42-53},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002233100420053},
isbn={978-989-674-005-4},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2009) - SECRYPT
TI - EFFICIENT ALGORITHMS AND ABSTRACT DATA TYPES FOR LOCAL INCONSISTENCY ISOLATION IN FIREWALL ACLS
SN - 978-989-674-005-4
IS - 2184-3236
AU - Pozo, S.
AU - J. Varela-Vaca, A.
AU - M. Gasca, R.
AU - Ceballos, R.
PY - 2009
SP - 42
EP - 53
DO - 10.5220/0002233100420053
PB - SciTePress