Geodesic
An effective algorithm for collision resolution in security policy rules
Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 1, pp. 75-89.

Voir la notice de l'article provenant de la source Math-Net.Ru

A firewall is the main classic tool for monitoring and managing the network traffic on a local network. Its task is to compare the network traffic passing through it with the established security rules. These rules, which are often also called security policy, can be defined both before and during the operation of the firewall. Managing the security policy of large corporate networks is a complex task. In order to properly implement it, firewall filtering rules must be written and organized neatly and without errors. In addition, the process of changing or inserting new rules should be performed only after a careful analysis of the relationship between the rules being modified or inserted, as well as the rules that already exist in the security policy. In this article, the authors consider the classification of relations between security policy rules and also give the definition of all sorts of conflicts between them. In addition, the authors present a new efficient algorithm for detecting and resolving collisions in firewall rules by the example of the Floodlight SDN controller.
Keywords: access control list, firewall, software defined network, SDN, security policy tree.
Mots-clés : ACL 
@article{MAIS_2019_26_1_a5,
     author = {S. V. Morzhov and V. A. Sokolov},
     title = {An effective algorithm for collision resolution in security policy rules},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {75--89},
     publisher = {mathdoc},
     volume = {26},
     number = {1},
     year = {2019},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a5/}
}
TY  - JOUR
AU  - S. V. Morzhov
AU  - V. A. Sokolov
TI  - An effective algorithm for collision resolution in security policy rules
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2019
SP  - 75
EP  - 89
VL  - 26
IS  - 1
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a5/
LA  - ru
ID  - MAIS_2019_26_1_a5
ER  - 
%0 Journal Article
%A S. V. Morzhov
%A V. A. Sokolov
%T An effective algorithm for collision resolution in security policy rules
%J Modelirovanie i analiz informacionnyh sistem
%D 2019
%P 75-89
%V 26
%N 1
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a5/
%G ru
%F MAIS_2019_26_1_a5
S. V. Morzhov; V. A. Sokolov. An effective algorithm for collision resolution in security policy rules. Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 1, pp. 75-89. http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a5/

[1] Al-Shaer E., et al., “Automated Firewall Analytics. Design, Configuration and Optimization”, Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, Springer, 2014, 15–18

[2] Abedin M., Nessa S., Khan L., Thuraisingham B., “Detection and Resolution of Anomalies in Firewall Policy Rules”, Data and Applications Security XX, Springer, 2006, 15–29 | DOI

[3] Morzhov S., Nikitinskiy M., “Development and research of the PreFirewall network application for Floodlight SDN controller”, 2018 Moscow Workshop on Electronic and Networking Technologies, MWENT (Moscow, March 14–16), IEEE, 2018, 1–4

[4] Morzhov S., Sokolov V., Nikitinskiy M., Chaly D., “Building a Security Policy Tree for SDN Controllers”, 2018 International Scientific and Technical Conference Modern Computer Network Technologies, MoNeTec (Moscow, October 25), IEEE, 2018, 1–6

[5] Morzhov S., Alekseev I., Nikitinskiy M., “Firewall application for Floodlight SDN controller”, XII International Siberian Conference on Control and Communications, SIBCON-2016 (Moscow, May 12–14), IEEE, 2016, 1–5