A formal basis for the design and analysis of firewall security policies

TitreA formal basis for the design and analysis of firewall security policies
Publication TypeJournal Article
Year of Publication2018
AuthorsKhoumsi, A, Erradi, M, Krombi, W
JournalJournal of King Saud University - Computer and Information Sciences

A firewall is the core of a well defined network security policy. This paper presents an automata-based method to study firewall security policies. We first propose a procedure that synthesizes an automaton that describes a security policy given as a table of rules. The synthesis procedure is then used to develop procedures to detect: incompleteness, anomalies and discrepancies in security policies. A method is developed to represent the automaton by a policy qualified as mixable and that has practical utilities, such as ease to determine the whitelist and the blacklist of the policy. The developed procedures have been deeply evaluated in terms of time and space complexities. Then, a real case study has been investigated. The obtained results confirm that the developed procedures have reasonable complexities and that their actual execution times are of the order of seconds. Finally, proofs of all results are provided. © 2016 King Saud University




Suivez-nous sur





Avenue Mohammed Ben Abdallah Regragui, Madinat Al Irfane, BP 713, Agdal Rabat, Maroc

  Télécopie : (+212) 5 37 68 60 78

  Secrétariat de direction : 06 61 48 10 97

        Secrétariat général : 06 61 34 09 27

        Service des affaires financières : 06 61 44 76 79

        Service des affaires estudiantines : 06 62 77 10 17 / n.mhirich@um5s.net.ma

        Résidences : 06 61 82 89 77



    Compteur de visiteurs:480,034
    Education - This is a contributing Drupal Theme
    Design by WeebPal.