A new approach to designing firewall based on multidimensional matrix
Cheng, Y.Z. ; Wang, W.P. ; Min, Geyong ; Wang, J.X.
Publication Date
2015-08-25
Peer-Reviewed
Yes
Open Access status
closedAccess
Accepted for publication
2013-10-22
Abstract
Firewalls are crucial elements for enhancing network security: they examine the field values of every packet and decide whether to accept or discard the packet according to the firewall policy. However, the design of firewall policies, especially for enterprise networks, is complex and error-prone. This paper aims to propose an effective firewall design method to ensure the consistency, compactness and completeness of firewall rules. Specifically, we develop a new design model, namely the firewall design matrix, and the corresponding construction algorithm for mapping firewall rules to the firewall design matrix. A firewall generation algorithm is proposed to generate the target firewall rules that are equivalent to the original ones while maintaining the completeness. Theoretical proof and extensive experiments on both real-world and synthetic firewalls are conducted to evaluate the performance of the proposed method. The results demonstrate that it can achieve a high compression ratio efficiently while keeping the firewall rules conflict-free. Copyright (c) 2013 John Wiley & Sons, Ltd.
Version
No full-text in the repository
Citation
Cheng YZ, Wang WP, Min GY et al (2015) A new approach to designing firewall based on multidimensional matrix. Concurrency and Computation-Practice & Experience. 27(12): 3075-3088.
Type
Article