Authors:
S. Pozo
;
R. M. Gasca
and
F. de la Rosa T.
Affiliation:
Computer Engineering College, University of Seville, Spain
Keyword(s):
Diagnosis, Consistency, Conflict, Anomaly, Firewall, ACL, Ruleset, Update.
Related
Ontology
Subjects/Areas/Topics:
Enterprise Information Systems
;
Formal Methods
;
Information Systems Analysis and Specification
;
Methodologies and Technologies
;
Operational Research
;
Security
;
Simulation and Modeling
;
Software Agents and Internet Computing
;
Telecommunications
;
Wireless and Mobile Computing
;
Wireless and Mobile Technologies
;
Wireless Information Networks and Systems
Abstract:
Filtering is a very important issue in next generation networks. These networks consist of a relatively high number of resource constrained devices and have special features, such as management of frequent topology changes. At each topology change, the access control policy of all nodes of the network must be automatically modified. In order to manage these access control requirements, Firewalls have been proposed by several researchers. However, many of the problems of traditional firewalls are aggravated due to these networks particularities, as is the case of ACL consistency. A firewall ACL with inconsistencies implies in general design errors, and indicates that the firewall is accepting traffic that should be denied or vice versa. This can result in severe problems such as unwanted accesses to services, denial of service, overflows, etc. Detecting inconsistencies is of extreme importance in the context of highly sensitive applications (e.g. health care). We propose a local incon
sistency detection algorithm and data structures to prevent automatic rule updates that can cause inconsistencies. The proposal has very low computational complexity as both theoretical and experimental results will show, and thus can be used in real time environments.
(More)