Abstract

Packet filtering is a core operation in network security management. As networks and services become more complex, managing access-list rules becomes an error-prone task. Conflicts among policies can open security holes and prevent load optimization in the network. Here we propose an algorithm that automatically tunes the configurations of IP-level security devices. Our aim is to keep the external (end-to-end) behaviour unchanged while removing distributed inconsistencies across the network. The algorithm is described in full detail, and results from the software implementation are shown.




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ferraresi, S., Francocci, E., Quaglini, A., Picasso, F. (2007). Security Policies Tuning Among IP Devices. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4693. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74827-4_19

  • DOI: https://doi.org/10.1007/978-3-540-74827-4_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74826-7

  • Online ISBN: 978-3-540-74827-4

  • eBook Packages: Computer Science, Computer Science (R0)
