A security Policy Query Engine for fully automated resolution of anomalies in firewall configurations

Title: A security Policy Query Engine for fully automated resolution of anomalies in firewall configurations
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Bouhoula, A., Yazidi, A.
Conference Name: 2016 IEEE 15th International Symposium on Network Computing and Applications (NCA)
Date Published: Oct
ISBN Number: 978-1-5090-3216-7
Keywords: anomaly resolution, Collaboration, correction process, Correlation, Electronic mail, Engines, Explosions, firewall anomalies, firewall configuration, firewall rules, firewalls, Firewalls (computing), FPQE, governance, Government, policy, policy-based governance, pubcrawl, query processing, radically disjunctive approach, security policies, security policy query engine, Shadow mapping

Legacy work on correcting firewall anomalies operates on the premise of creating totally disjunctive rules. Unfortunately, such solutions are impractical from an implementation point of view, as they lead to an explosion in the number of firewall rules. In a related previous work, we proposed a new approach for performing assisted corrective actions which, in contrast to the state-of-the-art family of radically disjunctive approaches, does not lead to a prohibitive increase in configuration size. In this sense, we allow relaxation in the correction process by clearly distinguishing between constructive anomalies, which can be tolerated, and destructive anomalies, which should be systematically fixed. However, a main disadvantage of that approach was its dependency on guided input from the administrator, which paradoxically introduces a new risk of human error. In order to circumvent this disadvantage, we present in this paper a Firewall Policy Query Engine (FPQE) that renders the whole process of anomaly resolution fully automated and requires no human intervention. Instead of prompting the administrator to insert the corrective actions in the proper order, FPQE executes those queries against a high-level firewall policy. We have implemented FPQE, and the first results of integrating it with our legacy anomaly resolver are promising.

Citation Key: bouhoula_security_2016