A Heuristic Process for Local Inconsistency Diagnosis in Firewall Rule Sets

Authors: Sergio Pozo Hidalgo, Rafael Ceballos and Rafael M. Gasca

Writing and managing firewall ACLs are hard and error-prone tasks for a wide range of reasons. During these tasks, inconsistent rules can be introduced. An inconsistent firewall ACL generally implies a design error and indicates that the firewall is accepting traffic that should be denied, or vice versa. However, it is the administrator who ultimately decides whether an inconsistent rule is a fault. Although many algorithms to diagnose inconsistencies in firewall ACLs have been proposed, they…
Publications referenced by this paper.
Showing 1-10 of 15 references

Complete Analysis of Configuration Rules to Guarantee Reliable Network Security Policies, Springer-Verlag

  • J. García-Alfaro, N. Boulahia-Cuppens, F. Cuppens
  • 2009

Fast Algorithms for Consistency-Based Diagnosis of Firewalls Rule Sets. International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain

  • S. Pozo, R. Ceballos, R. M. Gasca
  • 2008

Security policy protocol.

  • S. Luis, M. Condell
  • IETF Internet Draft IPSPSPP-01
  • 2002
