Formal approach for managing firewall misconfigurations

Amina Saâdaoui, Nihel Ben Youssef, A. Bouhoula
DOI: 10.1109/RCIS.2014.6861044
Venue: 2014 IEEE Eighth International Conference on Research Challenges in Information Science (RCIS)
Published: 2014-05-28
Citations: 14

Abstract

Firewalls are essential components of network security solutions. They implement a network security policy, which represents the highest-level requirements for controlling access to resources. The effectiveness of the protection a firewall provides depends mainly on the quality of the configuration deployed on it. Unfortunately, conflicts between filtering rules can arise that leave the network vulnerable to attack. Managing this problem by hand can be overwhelming and error-prone, so automated methods are needed to analyze, detect and correct misconfigurations. Prior solutions have been proposed, but their drawbacks are threefold. First, common approaches consider filtering rules only pairwise, so other classes of configuration anomalies (for example, a rule shadowed by the combined effect of several earlier rules rather than by any single one) can go undetected. Second, a syntactic anomaly may be intentional, i.e. not necessarily a misconfiguration; this substantial distinction is rarely made explicit. Third, although anomaly resolution is a tedious and error-prone task, it is generally left to the network administrator. In this paper we present a formal approach with the following contributions: detecting new classes of anomalies, distinguishing real misconfigurations from intentional anomalies, and proposing an automatic resolution method that takes the security policy into account. We prove the soundness of our method and demonstrate its applicability and scalability using a satisfiability (SAT) solver. The first results we obtained are very promising.
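As an added illustration (not the paper's own code or its SAT-solver encoding), the following Python script demonstrates the three points the abstract raises: it detects a rule that is shadowed only by the combination of several earlier rules, which a pairwise check misses; it separates such anomalies into real misconfigurations and intentional ones by consulting the security policy; and it proposes a reordering as a resolution and re-verifies the result. It replaces the paper's symbolic SAT reasoning with exact enumeration of a deliberately tiny packet space; the hosts, ports, rule names R1 to R6 and the `policy` function are all constructed for the example.

```python
from dataclasses import dataclass
from itertools import product

# Constructed header space with hypothetical addresses; enumerating it is cheap.
SRC_HOSTS = ("10.0.0.1", "10.0.0.2", "10.0.0.3", "192.168.1.7")
DST_HOSTS = ("10.1.0.10", "10.1.0.11")
PORTS = (22, 80, 443)
PACKET_SPACE = frozenset(product(SRC_HOSTS, DST_HOSTS, PORTS))

@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset
    dst: frozenset
    ports: frozenset
    action: str  # "accept" or "deny"

    def matches(self):
        """Packets this rule matches syntactically, ignoring rule order."""
        return frozenset(p for p in PACKET_SPACE
                         if p[0] in self.src and p[1] in self.dst and p[2] in self.ports)

def rule(name, src, dst, ports, action):
    """Build a Rule; the string 'any' expands to the whole field domain."""
    return Rule(name, frozenset(SRC_HOSTS if src == "any" else src),
                frozenset(DST_HOSTS if dst == "any" else dst),
                frozenset(PORTS if ports == "any" else ports), action)

def decide(rules, packet):
    """First-match semantics; the rule list must end in a catch-all rule."""
    for r in rules:
        if packet in r.matches():
            return r.action
    raise ValueError("no rule matched; add a default rule")

def find_shadowed(rules):
    """Rules that never fire under first-match order, mapped to 'single' (one
    earlier rule alone covers it, the pairwise case) or 'combination' (only the
    union of several earlier rules covers it, which pairwise checks miss)."""
    result = {}
    for i, r in enumerate(rules):
        own, earlier = r.matches(), [e.matches() for e in rules[:i]]
        if not own or not own <= frozenset().union(*earlier):
            continue  # the rule still decides at least one packet
        result[r.name] = "single" if any(own <= e for e in earlier) else "combination"
    return result

def violations(rules, policy):
    """Packets on which the deployed rule set disagrees with the policy."""
    return frozenset(p for p in PACKET_SPACE if decide(rules, p) != policy(p))

def classify(rules, policy):
    """A shadowed rule is a real misconfiguration only if, on some packet it
    would have matched, the firewall's actual decision contradicts the policy;
    otherwise the anomaly is intentional or at least harmless."""
    verdict = {}
    for name, kind in find_shadowed(rules).items():
        r = next(x for x in rules if x.name == name)
        harmful = any(decide(rules, p) != policy(p) for p in r.matches())
        verdict[name] = (kind, "misconfiguration" if harmful else "intentional")
    return verdict

def resolve(rules, policy):
    """Move each misconfigured shadowed rule in front of the first rule that
    steals packets from it, then re-verify the new order against the policy."""
    order = list(rules)
    for name, (_, verdict) in classify(rules, policy).items():
        if verdict != "misconfiguration":
            continue
        r = next(x for x in order if x.name == name)
        order.remove(r)
        first = next(i for i, e in enumerate(order) if e.matches() & r.matches())
        order.insert(first, r)
    return order, not violations(order, policy)

# Constructed policy: only admin host 10.0.0.1 may use SSH, the 10.0.0.x hosts
# may use the web ports, and 192.168.1.7 is allowed nothing.
def policy(packet):
    src, _dst, port = packet
    if src == "192.168.1.7":
        return "deny"
    if port == 22:
        return "accept" if src == "10.0.0.1" else "deny"
    return "accept"

# Constructed rule set: R3 (admin SSH) is shadowed only by R1 and R2 together
# and contradicts the policy; R5 is shadowed by R4 alone but is harmless.
RULES = [
    rule("R1", {"10.0.0.1", "10.0.0.2"}, {"10.1.0.10"}, {22}, "deny"),
    rule("R2", {"10.0.0.1", "10.0.0.3"}, {"10.1.0.11"}, {22}, "deny"),
    rule("R3", {"10.0.0.1"}, "any", {22}, "accept"),
    rule("R4", {"10.0.0.1", "10.0.0.2", "10.0.0.3"}, "any", {80, 443}, "accept"),
    rule("R5", {"10.0.0.2"}, "any", {80}, "deny"),
    rule("R6", "any", "any", "any", "deny"),
]

if __name__ == "__main__":
    print(classify(RULES, policy))
    print(sorted(violations(RULES, policy)))
    fixed, ok = resolve(RULES, policy)
    print([r.name for r in fixed], "resolved" if ok else "unresolved")
```

On this input, R3 is reported as shadowed by a combination of rules and as a misconfiguration (the admin's SSH traffic is dropped by R1 and R2 although the policy allows it), while R5 is shadowed by R4 alone but is classified as intentional because the policy agrees with R4's decision. Moving R3 to the front removes both policy violations, and the re-verification step is what makes the proposed resolution trustworthy; in a symbolic setting the same subset and disagreement checks become unsatisfiability queries to a SAT solver.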