ICIMP 2012, The Seventh International Conference on Internet Monitoring and Protection
Firewall Analysis by Symbolic Simulation
Authors:
Arno Wagner
Ulrich Fiedler
Keywords: Firewall Analysis; Symbolic Simulation.
Abstract:
When doing Layer 4 security analysis on a chain of firewalls, the analyst is faced with the problem of combining them into a unified representation in order to verify reachability through the chain and possibly compare it with a security policy. Doing this manually is labor-intensive and becomes infeasible if firewalls with large configurations are part of the chain. To automate the unification process, we have created the Consecom Network Analyzer, which uses symbolic simulation with an interval representation to generate a unified equivalent firewall in a normalized, simple and flat form. We show the suitability of this approach for firewalls with large configurations by giving benchmarks based on deployed rule-sets. We also demonstrate the effects of different optimization techniques on run-time and memory footprint. The Consecom Network Analyzer has already been used successfully for security reviews.
Pages: 95 to 100
Copyright: Copyright (c) IARIA, 2012
Publication date: May 27, 2012
Published in: conference
ISSN: 2308-3980
ISBN: 978-1-61208-201-1
Location: Stuttgart, Germany
Dates: from May 27, 2012 to June 1, 2012