Preview

Modeling and Analysis of Information Systems

Advanced search

An Effective Algorithm for Collision Resolution in Security Policy Rules

https://doi.org/10.18255/1818-1015-2019-1-75-89

Abstract

A firewall is the main classic tool for monitoring and managing the network traffic on a local network. Its task is to compare the network traffic passing through it with the established security rules. These rules, which are often also called security policy, can be defined both before and during the operation of the firewall. Managing the security policy of large corporate networks is a complex task. In order to properly implement it, firewall filtering rules must be written and organized neatly and without errors. In addition, the process of changing or inserting new rules should be performed only after a careful analysis of the relationship between the rules being modified or inserted, as well as the rules that already exist in the security policy. In this article, the authors consider the classification of relations between security policy rules and also give the definition of all sorts of conflicts between them. In addition, the authors present a new efficient algorithm for detecting and resolving collisions in firewall rules by the example of the Floodlight SDN controller.

About the Authors

Sergey V. Morzhov
P.G. Demidov Yaroslavl State University
Russian Federation

graduate student

14 Sovetskay st., Yaroslavl, 150003



Valeriy A. Sokolov
Centre of Integrable Systems, P.G. Demidov Yaroslavl State University
Russian Federation

Doctor, Professor

14 Sovetskay st., Yaroslavl, 150003



References

1. Al-Shaer E., et al., "Automated Firewall Analytics. Design, Configuration and Optimization", Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, 2014, 15-18.

2. Abedin M., Nessa S., Khan L., Thuraisingham B., "Detection and Resolution of Anomalies in Firewall Policy Rules", Data and Applications Security XX, Springer, 2006, 15-29.

3. Morzhov S., Nikitinskiy M., "Development and research of the PreFirewall network application for Floodlight SDN controller", 2018 Moscow Workshop on Electronic and Networking Technologies (MWENT) (Moscow, March 14-16), 2018, 1-4.

4. Morzhov S., Sokolov V., Nikitinskiy M., Chaly D., "Building a Security Policy Tree for SDN Controllers", 2018 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTec) (Moscow, October 25), 2018, 1-6.

5. Morzhov S., Alekseev I., Nikitinskiy M., "Firewall application for Floodlight SDN controller", XII International Siberian Conference on Control and Communications (SIBCON-2016) (Moscow, May 12-14), 2016, 1-5.


Review

For citations:


Morzhov S.V., Sokolov V.A. An Effective Algorithm for Collision Resolution in Security Policy Rules. Modeling and Analysis of Information Systems. 2019;26(1):75-89. (In Russ.) https://doi.org/10.18255/1818-1015-2019-1-75-89

Views: 833


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1818-1015 (Print)
ISSN 2313-5417 (Online)