{"title":"Fault and leak tolerance in firewall engineering","authors":"Robert N. Smith, S. Bhattacharya","doi":"10.1109/HASE.1998.731603","DOIUrl":null,"url":null,"abstract":"The idea and associated benefits of a Firewall cascade, with the firewalls (FWs) placed across a large complex network, distributed system has been proposed and evaluated by the authors (R.N. Smith and S. Bhattacharya, 1997). The paper extends the FW cascade approach to illustrate its applicability in a perspective of FW fault tolerance. We target the class of FW faults that are due to design errors, e.g., FW leaks. Given that most large complex FW designs are likely to contain design errors or leaks, the end-to-end security objective is how best to deploy a set of such potentially leaky FWs in a way that their net effect can seal or eliminate a majority of the FW leaks. The key idea of a FW cascade adding leak tolerance is due to the heterogeneity of different COTS FWs, as well as a higher assurance that not all distinct FWs are likely to contain identical leaks. The proposed capability in the paper enables a prudent design of a secure network that can scale along the levels of security needs, while maximizing performance, reducing cost and enhancing leak tolerance.","PeriodicalId":340424,"journal":{"name":"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1998-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Third IEEE International High-Assurance Systems Engineering Symposium (Cat. No.98EX231)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HASE.1998.731603","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
The idea and associated benefits of a Firewall cascade, with the firewalls (FWs) placed across a large complex network, distributed system has been proposed and evaluated by the authors (R.N. Smith and S. Bhattacharya, 1997). The paper extends the FW cascade approach to illustrate its applicability in a perspective of FW fault tolerance. We target the class of FW faults that are due to design errors, e.g., FW leaks. Given that most large complex FW designs are likely to contain design errors or leaks, the end-to-end security objective is how best to deploy a set of such potentially leaky FWs in a way that their net effect can seal or eliminate a majority of the FW leaks. The key idea of a FW cascade adding leak tolerance is due to the heterogeneity of different COTS FWs, as well as a higher assurance that not all distinct FWs are likely to contain identical leaks. The proposed capability in the paper enables a prudent design of a secure network that can scale along the levels of security needs, while maximizing performance, reducing cost and enhancing leak tolerance.