Title
Ontological analysis of the evolvability of the network firewall rule base
Author
Abstract
The TCP/IP based firewall is a notorious non-evolvable system. Changes to the firewall often result in unforeseen side effects, resulting in the unavailability of network resources. The root cause of these issues lies in the order sensitivity of the rule base. It is not only essential to define the correct rule. The rule must be placed at the right location in the rule base. As the rule base becomes more extensive, the problem increases. According to Normalized Systems, this is a Combinatorial Effect. This paper studies the ontology of a rule base and its implementation in an actual firewall. Based on this study, we explain why existing firewalls do not prevent evolvability issues. A new ontological model and implementation are proposed, using Normalized Systems, which drastically increases the firewall rule base’s evolvability.
Language
English
Source (book)
Proceedings of the 20th CIAO! Doctoral Consortium, and Enterprise Engineering Working Conference Forum 2020, co-located with 10th Enterprise Engineering Working Conference (EEWC 2020), Bozen / Bolzano, Italy, September 28th, October 19th and November 9th-10th, 2020
Source (series)
Workshop proceedings / CEUR ; 2825
Publication
CEUR, 2020
Volume/pages
(2020), p. 1-15
Full text (open access)