2006
DOI: 10.1007/11805588_2

Detection and Resolution of Anomalies in Firewall Policy Rules

Abstract: A firewall is a system acting as an interface of a network to one or more external networks. It implements the security policy of the network by deciding which packets to let through based on rules defined by the network administrator. Any error in defining the rules may compromise the system security by letting unwanted traffic pass or blocking desired traffic. Manual definition of rules often results in a set that contains conflicting, redundant or overshadowed rules, resulting in anomalies in the p…
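A small detector for the shadowing and redundancy anomalies the abstract describes, evaluated under the first-match semantics the citing papers below refer to. This is an added example, not code from the paper; the Rule fields, the subsumption test and the sample policy are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR
    dst: str       # destination CIDR
    dport: tuple   # inclusive destination port range (low, high)
    action: str    # "accept" or "deny"

def matches(rule, proto, src, dst, dport):
    """Does one packet satisfy every field of the rule?"""
    return (rule.proto in ("any", proto)
            and ip_address(src) in ip_network(rule.src, strict=False)
            and ip_address(dst) in ip_network(rule.dst, strict=False)
            and rule.dport[0] <= dport <= rule.dport[1])

def first_match(rules, proto, src, dst, dport):
    """First-match semantics: index of the earliest matching rule, None if none."""
    return next((i for i, r in enumerate(rules) if matches(r, proto, src, dst, dport)), None)

def subsumes(a, b):
    """True if every packet matched by b is also matched by a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and ip_network(b.src, strict=False).subnet_of(ip_network(a.src, strict=False))
            and ip_network(b.dst, strict=False).subnet_of(ip_network(a.dst, strict=False))
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])

def find_anomalies(rules):
    """A rule subsumed by an earlier rule can never fire under first-match:
    shadowed if the actions differ (its intent is silently overridden),
    redundant if they agree (deleting it changes nothing)."""
    findings = []
    for j, later in enumerate(rules):
        for i in range(j):
            if subsumes(rules[i], later):
                kind = "shadowed" if rules[i].action != later.action else "redundant"
                findings.append((j, i, kind))
                break  # report the first earlier rule that makes rule j dead
    return findings

# Constructed sample policy (not from the paper): 1 is shadowed by 0, 3 duplicates 2, 4 is default deny.
RULES = [
    Rule("tcp", "10.0.0.0/8", "0.0.0.0/0", (80, 80), "accept"),
    Rule("tcp", "10.1.0.0/16", "0.0.0.0/0", (80, 80), "deny"),
    Rule("udp", "0.0.0.0/0", "192.168.1.53/32", (53, 53), "accept"),
    Rule("udp", "0.0.0.0/0", "192.168.1.53/32", (53, 53), "accept"),
    Rule("any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535), "deny"),
]
```

On this policy `find_anomalies(RULES)` returns `[(1, 0, "shadowed"), (3, 2, "redundant")]`: the deny for 10.1.0.0/16 is dead because the broader accept precedes it, which is exactly the kind of silent policy error the abstract warns about.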

Cited by 45 publications
(23 citation statements)
References 8 publications
“…A formal model for PAC security configuration that governs user access through doors was presented. Drawing upon analysis techniques for firewall security configuration (for example [2], [10]-[12]) comparisons were made with PAC security configurations. This facilitated the key contribution of this paper where a number of configuration anomalies have been identified, for example a shadowing anomaly.…”
Section: Discussion (mentioning, confidence 99%)
“…An alternative interpretation would be to treat a PAC security configuration as a sequence of access rules whereby for a given (user, room, door) triple, the query is tested against each access-control rule, starting from the first, in sequence, and the first rule that matches gives the result that is returned. Similar interpretations are used in firewall policy rules [2], [10]-[12].…”
Section: Config : P Rule (mentioning, confidence 99%)
“…A number of existing techniques can be used to generate [7,13,14], query [15,22,23] and perform structural analysis [3,4,6] on network access control configurations. However, these homogeneous firewall-centric approaches tend not to consider their interoperation with other and application-layer access controls.…”
Section: Discussion (mentioning, confidence 99%)
“…Their approach to policy analysis motivates and demonstrates the use of supplying to analysis processes extra information concerning the managed system. The approach they present is not formally tied to a conflict analysis process; however, they do address policy conflict in related works (Abedin et al., 2006). By not explicitly associating policy refinement with policy conflict analysis there is no guarantee that the refined policies do not conflict with themselves or conflict with the policies that have been previously deployed.…”
Section: Policy Analysis Processes (mentioning, confidence 99%)