Formal reasoning of web application Firewall rules through ontological modeling

Abstract

Web application Firewalls (WAF)s are security tools that protect web application from external attacks. They do so by applying a set of security policy rules on HTTP traffic generated and received by web applications. These policies Rules are in-fact the heart of WAFs which are unable to provide strong protection on their own without well-written policy rules. Unfortunately due to complexity of web application and increased sophistication of application level attacks the rule configuration and management for WAFs is an error prone and tedious task. This paper is an effort to explore the effectiveness of an Ontology based framework for modeling, configuring, querying and reasoning overWAF Firewall configurations.We have tested our framework on a leading open source web application firewalls known as ModSecurity. Our preliminary results show that our framework significantly improves configuration errors in the WAF ruleset that arise because of duplication and policy conflicts.