PATTERNS 2019, The Eleventh International Conference on Pervasive Patterns and Applications
Using Normalized Systems to Explore the Possibility of Creating an Evolvable Firewall Rule-base
Authors:
Geert Haerens
Peter De Bruyn
Keywords: Normalized Systems; Firewall; Rule base
Abstract:
A firewall is an essential network security component. The firewall rule base, the list of filters to be applied to network traffic, can have significant evolvability issues in a context where companies consider their firewall complex. Whereas sufficient literature exists on how to analyze a rule base that is running out of control, little research is available on how to properly construct a rule base upfront, preventing evolvability issues from occurring. Normalized Systems (NS) theory provides proven guidance on how to create evolvable systems. In this paper, NS is used to study the combinatorics involved when creating a firewall rule base. Based on those combinatorics, an artifact (method) is proposed to create a firewall rule base which has evolvability in its design.
Pages: 7 to 16
Copyright: Copyright (c) IARIA, 2019
Publication date: May 5, 2019
Published in: conference
ISSN: 2308-3557
ISBN: 978-1-61208-708-5
Location: Venice, Italy
Dates: from May 5, 2019 to May 9, 2019