Analysis of vulnerabilities in Internet firewalls

Kamara, Seny; Fahmy, Sonia; Schultz, E. Eugene; Kerschbaum, Florian; Frantzen, Michael

doi:10.1016/s0167-4048(03)00310-9

Cited by 92 publications

(44 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The study of vulnerability has a long history, having been used to study power distribution systems [13], the Internet [14] and transportation systems [15] to just name a few. Because of differences between the various settings, vulnerability does not yet have a commonly accepted definition.…”

Section: Vulnerability Factors Of Rail Transit Systemmentioning

confidence: 99%

Using an AHP-ISM Based Method to Study the Vulnerability Factors of Urban Rail Transit System

et al. 2017

View full text Add to dashboard Cite

Abstract:As a sustainable means of public transportation, urban rail transit system undergoes rapid expansion in China. How to provide a safe and reliable service has been the subject of growing attention in this context. However, such work is challenging because rail transit systems are quite vulnerable and influenced by a set of interacting factors. Studying these vulnerability factors will contribute significantly to the operation of rail transit system. From this perspective, this paper made an exploration of the vulnerability factors based on an integrated method consisting of AHP (Analytical Hierarchy Process) and ISM (Interpretative Structural Modeling). Based on literature review, 21 vulnerability factors were identified. Subsequently, expert elicitation was employed to ascertain the importance of each factor and the interrelations among them. The results suggest that management and individual factors have the highest importance weights and the interrelations among vulnerability factors could be expressed as a five-layer structure, in which management factors were inclined to be at the lower level. The research provides valuable information for decision makers to take proactive strategies and reinforcement policies to guarantee safety operation of urban rail transit system and ensure urban public safety, which could promote the sustainable development of cities.

show abstract

Section: Vulnerability Factors Of Rail Transit Systemmentioning

confidence: 99%

Using an AHP-ISM Based Method to Study the Vulnerability Factors of Urban Rail Transit System

et al. 2017

View full text Add to dashboard Cite

show abstract

“…The analysis and verification methods of firewall policies have been presented in [11], [23], [24], and [28], and the testing of firewall policies was studied in [19]. Firewall vulnerabilities were discussed and classified in [10] and [21] with focus on firewall software. However, none of these works focuses on redundancy removal.…”

Section: Related Workmentioning

confidence: 99%

Complete Redundancy Removal for Packet Classifiers in TCAMs

Liu

Gouda

2010

IEEE Trans. Parallel Distrib. Syst.

View full text Add to dashboard Cite

Abstract-Packet classification is the core mechanism that enables many networking services on the Internet such as firewall packet filtering and traffic accounting. Using Ternary Content Addressable Memories (TCAMs) to perform high-speed packet classification has become the de facto standard in the industry. TCAMs classify packets in constant time by comparing a packet with all classification rules of ternary encoding in parallel. Despite their high speed, TCAMs suffer from the well-known interval expansion problem. As packet classification rules usually have fields specified as intervals, converting such rules to TCAM-compatible rules may result in an explosive increase in the number of rules. This is not a problem if TCAMs have large capacities. Unfortunately, TCAMs have very limited capacity, and more rules means more power consumption and more heat generation for TCAMs. Even worse, the number of rules in packet classifiers have been increasing rapidly with the growing number of services deployed on the Internet. In this paper, we propose to address the interval expansion problem of TCAMs by removing redundant rules in classifiers. This equivalent transformation can significantly reduce the number of TCAM entries needed by a classifier. Our experiments on real-life classifiers show an average reduction of 58.2 percent in the number of TCAM entries by removing redundant rules. Given the logical interleaving nature of packet filtering rules, identifying redundant rules in classifiers is by no means trivial, and to achieve the guarantee of no redundant rules in resulting classifiers is even more challenging. In this paper, for the first time, we give a necessary and sufficient condition for identifying all redundant rules in a classifier. Based on this condition, we categorize redundant rules into upward redundant rules and downward redundant rules. Second, we present two algorithms for detecting and removing the two types of redundant rules, respectively. Third, we formally prove that the resulting classifiers have no redundant rules after running the two algorithms. Last, we conduct extensive experiments on both real-life and synthetic classifiers. The experimental results show that our redundancy removal algorithms are both effective and efficient.

show abstract

“…In particular, since security solutions often have been the target of malicious actions (e.g., anti-virus software [5], intrusion detection systems [6] or firewalls [7], [8], [9], [10]) as part of a wider scale attack, SIEM systems should be built/deployed under the assumption that this sort of actions will eventually occur. In this paper, we will focus on the protection of the core facility components from outside attacks, improving the security and dependability of such essential processing.…”

Section: Introductionmentioning

confidence: 99%

An intrusion-tolerant firewall design for protecting SIEM systems

Garcia

Neves

Bessani

2013

2013 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W)

View full text Add to dashboard Cite

Abstract-Nowadays, organizations are resorting to Security Information and Event Management (SIEM) systems to monitor and manage their network infrastructures. SIEMs employ a data collection capability based on many sensors placed in critical points of the network, which forwards events to a core facility for processing and support different forms of analysis (e.g., report attacks in near real time, inventory management, risk assessment). In this paper, we will focus on the defense of the core facility components by presenting a new firewall design that is resilient to very harsh failure scenarios. In particular, it tolerates not only external attacks but also the intrusion of some of its components. The firewall employs a two level filtering scheme to increase performance and to allow for some flexibility on the selection of fault-tolerance mechanisms. The first filtering stage efficiently eliminates the most common forms of attacks, while the second stage supports application rules for a more sophisticated analysis of the traffic. The fault tolerance mechanisms are based on a detection and recovery approach for the first stage, while the second stage uses state machine replication and voting.

show abstract

Analysis of vulnerabilities in Internet firewalls

Cited by 92 publications

References 9 publications

Using an AHP-ISM Based Method to Study the Vulnerability Factors of Urban Rail Transit System

Using an AHP-ISM Based Method to Study the Vulnerability Factors of Urban Rail Transit System

Complete Redundancy Removal for Packet Classifiers in TCAMs

An intrusion-tolerant firewall design for protecting SIEM systems

Contact Info

Product

Resources

About