dc.creator | Pozo Hidalgo, Sergio | es |
dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.date.accessioned | 2022-11-15T09:51:28Z | |
dc.date.available | 2022-11-15T09:51:28Z | |
dc.date.issued | 2010 | |
dc.identifier.citation | Pozo Hidalgo, S., Varela Vaca, Á.J. y Martínez Gasca, R. (2010). A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs. En AINA 2010: 24th IEEE International Conference on Advanced Information Networking and Applications (1037-1046), Perth, WA, Australia: IEEE Computer Society. | |
dc.identifier.isbn | 978-1-4244-6695-5 | es |
dc.identifier.isbn | 978-1-4244-6696-2 | es |
dc.identifier.issn | 1550-445X | es |
dc.identifier.issn | 2332-5658 | es |
dc.identifier.uri | https://hdl.handle.net/11441/139422 | |
dc.description.abstract | Developing and managing firewall Access Control
Lists (ACLs) are hard, time-consuming, and error-prone tasks
for a variety of reasons. Complexity of networks is constantly
increasing, as it is the size of firewall ACLs. Networks have
different access control requirements which must be translated
by a network administrator into firewall ACLs. During this task,
inconsistent rules can be introduced in the ACL. Furthermore,
each time a rule is modified (e.g. updated, corrected when a fault
is found, etc.) a new inconsistency with other rules can be
introduced. An inconsistent firewall ACL implies, in general, a
design or development fault, and indicates that the firewall is
accepting traffic that should be denied or vice versa. In this paper
we propose a complete and minimal consistency diagnosis process
which has worst-case quadratic time complexity with the number
of rules in a set of inconsistent rules. There are other proposals of
consistency diagnosis algorithms. However they have different
problems which can prevent their use with big, real-life, ACLs:
on the one hand, the minimal ones have exponential worst-case
time complexity; on the other hand, the polynomial ones are not
minimal. | es |
dc.description.sponsorship | Ministerio de Eduación y Ciencia TIN2009-13714 | es |
dc.format | application/pdf | es |
dc.format.extent | 10 | es |
dc.language.iso | eng | es |
dc.publisher | IEEE Computer Society | es |
dc.relation.ispartof | AINA 2010: 24th IEEE International Conference on Advanced Information Networking and Applications (2010), pp. 1037-1046. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Inconsistency | es |
dc.subject | Conflict | es |
dc.subject | Anomaly | es |
dc.subject | Diagnosis | es |
dc.subject | Minimal | es |
dc.subject | Firewall | es |
dc.subject | ACL | es |
dc.subject | Ruleset | es |
dc.subject | Management | es |
dc.subject | Detection | es |
dc.title | A Quadratic, Complete, and Minimal Consistency Diagnosis Process for Firewall ACLs | es |
dc.type | info:eu-repo/semantics/conferenceObject | es |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | TIN2009-13714 | es |
dc.relation.publisherversion | https://ieeexplore.ieee.org/document/5474827 | es |
dc.identifier.doi | 10.1109/AINA.2010.63 | es |
dc.contributor.group | Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub | es |
dc.publication.initialPage | 1037 | es |
dc.publication.endPage | 1046 | es |
dc.eventtitle | AINA 2010: 24th IEEE International Conference on Advanced Information Networking and Applications | es |
dc.eventinstitution | Perth, WA, Australia | es |
dc.relation.publicationplace | New York, USA | es |
dc.contributor.funder | Ministerio de Educación y Ciencia (MEC). España | es |