Article

Verification and synthesis of firewalls using SAT and QBF

Authors:

Shuyuan Zhang,

Abdulrahman Mahmoud,

Sharad Malik,

Sanjai NarainAuthors Info & Claims

ICNP '12: Proceedings of the 2012 20th IEEE International Conference on Network Protocols (ICNP)

Pages 1 - 6

https://doi.org/10.1109/ICNP.2012.6459944

Published: 30 October 2012 Publication History

Abstract

Firewalls are widely deployed to safeguard the security of networks and it is critical for enterprise networks to have firewalls to prevent malicious attacks and to guarantee the normal functioning of the network. Firewalls prevent dangerous packets from entering the inner network by looking up the Access Control List (ACL) to permit or drop certain packets. However, ACLs often suffer from redundancy problems, which can degrade the performance of firewalls and the network. The contribution of this paper is threefold: 1) we present a Boolean Satisfiability (SAT) based technique that can compare the equivalence and inclusion relationship between two firewalls, which is very valuable for the testing between a given firewall and an optimized one, 2) we present a technique to discover redundancies within a firewall, and 3) we formulate the ACL optimization problem as a Quantified Boolean Formula problem (QBF) and explore its practical application using a QBF solver.

Cited By

View all

Yuan YMoon SUppal SJia LSekar VBhagwan RPorter G(2020)NetSMCProceedings of the 17th Usenix Conference on Networked Systems Design and Implementation10.5555/3388242.3388256(181-200)Online publication date: 25-Feb-2020
https://dl.acm.org/doi/10.5555/3388242.3388256
Jayaraman KBjørner NPadhye JAgrawal ABhargava ABissonnette PFoster SHelwer AKasten MLee INamdhari ANiaz HParkhi APinnamraju HPower ARaje NSharma PWu JHall W(2019)Validating datacenters at scaleProceedings of the ACM Special Interest Group on Data Communication10.1145/3341302.3342094(200-213)Online publication date: 19-Aug-2019
https://dl.acm.org/doi/10.1145/3341302.3342094
Tian BZhang XZhai ELiu HYe QWang CWu XJi ZSang YZhang MYu DTian CZheng HZhao BWu JHall W(2019)Safely and automatically updating in-network ACL configurations with intent languageProceedings of the ACM Special Interest Group on Data Communication10.1145/3341302.3342088(214-226)Online publication date: 19-Aug-2019
https://dl.acm.org/doi/10.1145/3341302.3342088
Show More Cited By

Verification and synthesis of firewalls using SAT and QBF
1. Social and professional topics
  1. Computing / technology policy

Recommendations

Using SAT in QBF
CP'05: Proceedings of the 11th International Conference on Principles and Practice of Constraint Programming

QBF is the problem of deciding the satisfiability of quantified boolean formulae in which variables can be either universally or existentially quantified. QBF generalizes SAT (SAT is QBF under the restriction all variables are existential) and is in ...
Compressing BMC Encodings with QBF

Symbolic model checking is PSPACE complete. Since QBF is the standard PSPACE complete problem, it is most natural to encode symbolic model checking problems as QBF formulas and then use QBF decision procedures to solve them. We discuss alternative ...
Improving SAT using 2SAT

Propositional satisfiability (SAT) is a fundamental problem of immense practical importance. While SAT is NP-complete when clauses can contain 3 literals or more, the problem can be solved in linear time when the given formula contains only binary ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICNP '12: Proceedings of the 2012 20th IEEE International Conference on Network Protocols (ICNP)

October 2012

403 pages

ISBN:9781467324458

Publisher

IEEE Computer Society

United States

Publication History

Published: 30 October 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yuan YMoon SUppal SJia LSekar VBhagwan RPorter G(2020)NetSMCProceedings of the 17th Usenix Conference on Networked Systems Design and Implementation10.5555/3388242.3388256(181-200)Online publication date: 25-Feb-2020
https://dl.acm.org/doi/10.5555/3388242.3388256
Jayaraman KBjørner NPadhye JAgrawal ABhargava ABissonnette PFoster SHelwer AKasten MLee INamdhari ANiaz HParkhi APinnamraju HPower ARaje NSharma PWu JHall W(2019)Validating datacenters at scaleProceedings of the ACM Special Interest Group on Data Communication10.1145/3341302.3342094(200-213)Online publication date: 19-Aug-2019
https://dl.acm.org/doi/10.1145/3341302.3342094
Tian BZhang XZhai ELiu HYe QWang CWu XJi ZSang YZhang MYu DTian CZheng HZhao BWu JHall W(2019)Safely and automatically updating in-network ACL configurations with intent languageProceedings of the ACM Special Interest Group on Data Communication10.1145/3341302.3342088(214-226)Online publication date: 19-Aug-2019
https://dl.acm.org/doi/10.1145/3341302.3342088
Diekmann CHupel LMichaelis JHaslbeck MCarle G(2018)Verified iptables Firewall Analysis and VerificationJournal of Automated Reasoning10.1007/s10817-017-9445-161:1-4(191-242)Online publication date: 1-Jun-2018
https://dl.acm.org/doi/10.1007/s10817-017-9445-1
Hallahan WZhai EPiskac RStewart DWeissenbacher G(2017)Automated repair by example for firewallsProceedings of the 17th Conference on Formal Methods in Computer-Aided Design10.5555/3168451.3168496(220-229)Online publication date: 2-Oct-2017
https://dl.acm.org/doi/10.5555/3168451.3168496
Nelson TFerguson AYu DFonseca RKrishnamurthi SRexford JVahdat A(2015)ExodusProceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research10.1145/2774993.2774997(1-7)Online publication date: 17-Jun-2015
https://dl.acm.org/doi/10.1145/2774993.2774997
Reaz RAli MGouda MHeule MElmallah E(2015)The Implication Problem of Computing PoliciesProceedings of the 17th International Symposium on Stabilization, Safety, and Security of Distributed Systems - Volume 921210.1007/978-3-319-21741-3_8(109-123)Online publication date: 18-Aug-2015
https://dl.acm.org/doi/10.1007/978-3-319-21741-3_8

Abstract

Cited By

Recommendations

Using SAT in QBF

Compressing BMC Encodings with QBF

Improving SAT using 2SAT

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations