Abstract
Firewalls are the frontier defense in network security. Firewalls provide a set of rules that identify how to handle individual data packets arriving at the network. Firewall configuration is becoming increasingly difficult. Filter properties called anomalies hint at possible conflicts between rules. An argumentation framework could provide ways of handling such conflicts. Verification of a firewall involves finding out whether anomalies exist or not. Reconfiguration involves removing critical anomalies discovered in the verification phase. In this paper, we show how a Defeasible Logic Programming approach with an underlying argumentation-based semantics could be applied for verification and reconfiguration of a firewall.
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Rajkhowa, P., Hazarika, S.M., Simari, G.R. (2013). An Application of Defeasible Logic Programming for Firewall Verification and Reconfiguration. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_47
DOI: https://doi.org/10.1007/978-3-642-37949-9_47
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37948-2
Online ISBN: 978-3-642-37949-9
eBook Packages: Computer Science (R0)