Detecting Policy Anomalies in Firewalls by Relational Algebra and Raining 2D-Box Model

摘要

Firewalls are crucial elements in the computer networks. Due to lack of tools for analyzing firewall policies, most firewalls on the internet have been plagued with policy anomalies. In this paper, we propose a method; which analyzes the firewall by using Relational Algebra and Raining 2D-Box Model. It can find out all the anomalies in the firewall rule-set in the format that is usually used by many firewall products such as Cisco Access Control List, IPTABLES, IPCHAINS and Check Point Firewall-1. While the existing analyzing methods consider the anomalies between any two rules in the firewall rule-set, we consider more than two rules together at the same time to find out the anomaly. Therefore we can find all the hidden anomalies in the firewall rule-set. Results from analyzing can be used with the proposed rules-combination method presented in this paper, to minimize the firewall rule without changing the policy. This method could help administrator to analyze and modify a complex firewall policy.