Subana Thanasegaran scite author profile

Subana Thanasegaran

5Publications

11Citation Statements Received

90Citation Statements Given

How they've been cited

How they cite others

Affiliations

Nagoya Institute of Technology

Publications

Order By: Most citations

A topological approach to detect conflicts in firewall policies

Thanasegaran

Yin

Tateiwa

et al. 2009

View full text Add to dashboard Cite

Packet filtering provides initial layer of security based upon set of ordered filters called firewall policies. It examines the network packets and decides whether to accept or deny them. But when a packet matches two or more filters conflicts arise. Due to the conflicts, some filters are never executed and some filters are occasionally executed. It may results into unintended traffic and it is a tedious job for administrator to detect conflicts. Detection of conflicts through geometrical approach provides a systematic and powerful error classification, but as the filters and key fields of header increase, it demands high memory and computation time. To solve this problem, we propose a topological approach called BISCAL (Bit-vector based spatial calculus) to detect the conflicts in the firewall policies. As because of our approach preserves only the topology of the filters, it can reduce memory usage and computation time to a great extend Packet filtering, conflict detection, firewall policy

show abstract

A Topology-Based Conflict Detection System for Firewall Policies using Bit-Vector-Based Spatial Calculus

Thanasegaran¹,

Yin²,

Tateiwa³

et al. 2011

IJCNS

View full text Add to dashboard Cite

Firewalls use packet filtering to either accept or deny packets on the basis of a set of predefined rules called filters. The firewall forms the initial layer of defense and protects the network from unauthorized access. However, maintaining firewall policies is always an error prone task, because the policies are highly complex. Conflict is a misconfiguration that occurs when a packet matches two or more filters. The occurrence of conflicts in a firewall policy makes the filters either redundant or shadowed, and as a result, the network does not reflect the actual configuration of the firewall policy. Hence, it is necessary to detect conflicts to keep the filters meaningful. Even though geometry-based conflict detection provides an exhaustive method for error classification, when the number of filters and headers increases, the demands on memory and computation time increase. To solve these two issues, we make two main contributions. First, we propose a topology-based conflict detection system that computes the topological relationship of the filters to detect the conflicts. Second, we propose a systematic implementation method called BISCAL (a bit-vector-based spatial calculus) to implement the proposed system and remove irrelevant data from the conflict detection computation. We perform a mathematical analysis as well as experimental evaluations and find that the amount of data needed for topology is only one-fourth of that needed for geometry.

show abstract

Simultaneous Analysis of Time and Space for Conflict Detection in Time-Based Firewall Policies

Thanasegaran

Tateiwa

Katayama

et al. 2010

View full text Add to dashboard Cite

Design and Implementation of Conflict Detection System for Time-Based Firewall Policies

Thanasegaran¹,

Tateiwa²,

Katayama³

et al. 2011

JNIT

View full text Add to dashboard Cite

Firewalls are one of the most common mechanisms used to protect the network from unauthorized access and security threats. Nowadays, time-based firewall policies are widely in use in many firewalls such as CISCO ACLs and Linux iptables to control network traffic with respect to time. However, network administrators struggle to maintain the firewall policies due to their high complexity. A conflict is a misconfiguration that occurs due to mismanagement of a firewall policy. Detection of conflicts and reconfiguration of the policies to discard conflicts is an extremely complicated task for any network administrator. Even though there are currently many conflict detection techniques, the prevailing techniques cannot deal with time-based firewall policies. As a result, when they are applied to time-based firewall policies, the time fields are ignored; therefore, the problem of obtaining false positive results arises, stating a non-conflict as a conflict. This problem has not been addressed in previous researches regardless of its significance. In this paper, we have formalized the conflict detection problem by designing a time-based firewall policy similar to the Linux iptables and CISCO ACLs. We have proposed a system to detect conflicts by extending the topology-based spatial analysis of firewall policies without time fields to time-based firewall policies, and we have presented the implementation of the proposed system in detail. Furthermore, we have evaluated the feasibility and usefulness of the proposed system by conducting experiments with various time-based firewall policies, and we have verified the effectiveness of the proposed system.

show abstract

An Improved Conflict Detection System with Periodic Cycle Treatment for Time-Based Firewall Policies

Thanasegaran

Tateiwa

Katayama

et al. 2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.