A formal basis for the design and analysis of firewall security policies

Ahmed Khoumsi; Mohammed Erradi; Wadie Krombi

doi:10.1016/j.jksuci.2016.11.008

Journal of King Saud University: Computer and Information Sciences (Jan 2018)

A formal basis for the design and analysis of firewall security policies

Ahmed Khoumsi,
Mohammed Erradi,
Wadie Krombi

Affiliations

Ahmed Khoumsi: Department of Electrical & Computer Engineering, University of Sherbrooke, Canada
Mohammed Erradi: ENSIAS, Mohammed V University, Rabat, Morocco
Wadie Krombi: ENSIAS, Mohammed V University, Rabat, Morocco

DOI: https://doi.org/10.1016/j.jksuci.2016.11.008
Journal volume & issue: Vol. 30, no. 1
pp. 51 – 66

Abstract

Read online

A firewall is the core of a well defined network security policy. This paper presents an automata-based method to study firewall security policies. We first propose a procedure that synthesizes an automaton that describes a security policy given as a table of rules. The synthesis procedure is then used to develop procedures to detect: incompleteness, anomalies and discrepancies in security policies. A method is developed to represent the automaton by a policy qualified as mixable and that has practical utilities, such as ease to determine the whitelist and the blacklist of the policy. The developed procedures have been deeply evaluated in terms of time and space complexities. Then, a real case study has been investigated. The obtained results confirm that the developed procedures have reasonable complexities and that their actual execution times are of the order of seconds. Finally, proofs of all results are provided.

Published in Journal of King Saud University: Computer and Information Sciences

ISSN: 1319-1578 (Print)
Publisher: Elsevier
Country of publisher: Saudi Arabia
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: http://www.journals.elsevier.com/journal-of-king-saud-university-computer-and-information-sciences/

About the journal

Abstract

Keywords