TY - GEN
T1 - Verification and synthesis of firewalls using SAT and QBF
AU - Zhang, Shuyuan
AU - Mahmoud, Abdulrahman
AU - Malik, Sharad
AU - Narain, Sanjai
PY - 2012
Y1 - 2012
N2 - Firewalls are widely deployed to safeguard the security of networks and it is critical for enterprise networks to have firewalls to prevent malicious attacks and to guarantee the normal functioning of the network. Firewalls prevent dangerous packets from entering the inner network by looking up the Access Control List (ACL) to permit or drop certain packets. However, ACLs often suffer from redundancy problems, which can degrade the performance of firewalls and the network. The contribution of this paper is threefold: 1) we present a Boolean Satisfiability (SAT) based technique that can compare the equivalence and inclusion relationship between two firewalls, which is very valuable for the testing between a given firewall and an optimized one, 2) we present a technique to discover redundancies within a firewall, and 3) we formulate the ACL optimization problem as a Quantified Boolean Formula problem (QBF) and explore its practical application using a QBF solver.
AB - Firewalls are widely deployed to safeguard the security of networks and it is critical for enterprise networks to have firewalls to prevent malicious attacks and to guarantee the normal functioning of the network. Firewalls prevent dangerous packets from entering the inner network by looking up the Access Control List (ACL) to permit or drop certain packets. However, ACLs often suffer from redundancy problems, which can degrade the performance of firewalls and the network. The contribution of this paper is threefold: 1) we present a Boolean Satisfiability (SAT) based technique that can compare the equivalence and inclusion relationship between two firewalls, which is very valuable for the testing between a given firewall and an optimized one, 2) we present a technique to discover redundancies within a firewall, and 3) we formulate the ACL optimization problem as a Quantified Boolean Formula problem (QBF) and explore its practical application using a QBF solver.
UR - http://www.scopus.com/inward/record.url?scp=84874576855&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84874576855&partnerID=8YFLogxK
U2 - 10.1109/ICNP.2012.6459944
DO - 10.1109/ICNP.2012.6459944
M3 - Conference contribution
AN - SCOPUS:84874576855
SN - 9781467324472
T3 - Proceedings - International Conference on Network Protocols, ICNP
BT - 2012 20th IEEE International Conference on Network Protocols, ICNP 2012
T2 - 2012 20th IEEE International Conference on Network Protocols, ICNP 2012
Y2 - 30 October 2012 through 2 November 2012
ER -