Cited By
View all- Voronkov AMartucci LLindskog S(2020)Measuring the Usability of Firewall Rule SetsIEEE Access10.1109/ACCESS.2020.29710938(27106-27121)Online publication date: 2020
Towards quantification of firewall policy complexity
Article No.: 18, Pages 1 - 2
Abstract
Developing metrics for quantifying the security and usability aspects of a system has been of constant interest to the cybersecurity research community. Such metrics have the potential to provide valuable insight on security and usability of a system and to aid in the design, development, testing, and maintenance of the system. Working towards the overarching goal of such metric development, in this work we lay down the groundwork for developing metrics for quantifying the complexity of firewall policies. We are particularly interested in capturing the human perceived complexity of firewall policies. To this end, we propose a potential workflow that researchers can follow to develop empirically-validated, objective metrics for measuring the complexity of firewall policies. We also propose three hypotheses that capture salient properties of a firewall policy which constitute the complexity of a policy for a human user. We identify two categories of human-perceived policy complexity (i.e., syntactic complexity and semantic complexity), and for each of them propose potential complexity metrics for firewall policies that exploit two of the hypotheses we suggest. The current work can be viewed as a stepping stone for future research on development of such policy complexity metrics.
References
[1]
H. B. Acharya, A. Joshi, and M. G. Gouda. Firewall modules and modular firewalls. In Proceedings of the The 18th IEEE International Conference on Network Protocols, ICNP '10, 2010.
[2]
S. Al-Haj and E. Al-Shaer. Measuring firewall security. In 4th Symposium on Configuration Analytics and Automation, SafeConfig'11, 2011.
[3]
W. Jansen. Directions in security metrics research. DIANE Publishing, 2010.
[4]
A. N. Kolmogorov. On tables of random numbers. Sankhyā: The Indian Journal of Statistics, Series A, 25(4), Dec. 1963.
[5]
A. N. Kolmogorov. On tables of random numbers. Theor. Comput. Sci., 207(2), Nov. 1998.
[6]
A. Tongaonkar, N. Inamdar, and R. Sekar. Inferring higher level policies from firewall rules. In Proceedings of the 21st Conference on Large Installation System Administration Conference, LISA'07, pages 2:1--2:10, 2007.
[7]
T. Wong. On the usability of firewall configuration, 2008. http://cups.cs.cmu.edu/soups/2008/USM/wong.pdf.
[8]
A. Wool. A quantitative study of firewall configuration errors. Computer, 37(6): 62--67, June 2004.
[9]
A. Wool. Trends in firewall configuration errors: Measuring the holes in swiss cheese. IEEE Internet Computing, 14(4): 58--65, July 2010.
Index Terms
- Towards quantification of firewall policy complexity
Recommendations
Location aware self-adapting firewall policies
Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the ...
Firewall policy change-impact analysis
Firewalls are the cornerstones of the security infrastructure for most enterprises. They have been widely deployed for protecting private networks. The quality of the protection provided by a firewall directly depends on the quality of its policy (i.e., ...
Firewall policy verification and troubleshooting
Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2015 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
- US Army Research Office: US Army Research Office
- NSF: National Science Foundation
- University of Illinois at Urbana-Champaign
- National Security Agency: National Security Agency
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 21 April 2015
Check for updates
Author Tags
Qualifiers
- Poster
Conference
HotSoS '15
Sponsor:
- US Army Research Office
- NSF
- National Security Agency
Acceptance Rates
HotSoS '15 Paper Acceptance Rate 13 of 22 submissions, 59%;
Overall Acceptance Rate 34 of 60 submissions, 57%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 184Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)1
Reflects downloads up to 18 Nov 2024
Other Metrics
Citations
Cited By
View all- Voronkov AMartucci LLindskog S(2020)Measuring the Usability of Firewall Rule SetsIEEE Access10.1109/ACCESS.2020.29710938(27106-27121)Online publication date: 2020
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in