Presentation
A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs
Author/s | Pozo Hidalgo, Sergio; Varela Vaca, Ángel Jesús; Martínez Gasca, Rafael |
Department | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos |
Publication Date | 2010 |
Deposit Date | 2022-11-15 |
Published in | |
ISBN/ISSN | 978-1-4244-6695-5 978-1-4244-6696-2 1550-445X 2332-5658 |
Abstract | Developing and managing firewall Access Control Lists (ACLs) are hard, time-consuming, and error-prone tasks for a variety of reasons. Complexity of networks is constantly increasing, as is the size of firewall ACLs. Networks have different access control requirements which must be translated by a network administrator into firewall ACLs. During this task, inconsistent rules can be introduced in the ACL. Furthermore, each time a rule is modified (e.g. updated, corrected when a fault is found, etc.) a new inconsistency with other rules can be introduced. An inconsistent firewall ACL implies, in general, a design or development fault, and indicates that the firewall is accepting traffic that should be denied or vice versa. In this paper we propose a complete and minimal consistency diagnosis process which has worst-case quadratic time complexity with the number of rules in a set of inconsistent rules. There are other proposals of consistency diagnosis algorithms. However, they have different problems which can prevent their use with big, real-life ACLs: on the one hand, the minimal ones have exponential worst-case time complexity; on the other hand, the polynomial ones are not minimal. |
Funding agencies | Ministerio de Educación y Ciencia (MEC). España |
Project ID. | TIN2009-13714 |
Citation | Pozo Hidalgo, S., Varela Vaca, Á.J. and Martínez Gasca, R. (2010). A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs. In AINA 2010: 24th IEEE International Conference on Advanced Information Networking and Applications (1037-1046), Perth, WA, Australia: IEEE Computer Society. |