Title
On the evolvability of the TCP-IP based network firewall rule base
Author
Abstract
A firewall is an essential network security component. The firewall rule base, the list of filters to be applied on network traffic, can have significant evolvability issues in a context where companies consider their firewall as complex. While sufficient literature exists on how to analyze a rule base, little research is available on how to properly construct a rule base upfront which prevents the occurrence of evolvability issues. According to Normalized Systems theory, a system is unstable under change if changes require an effort that is proportional to the type of change and the size of the system. A system that is unstable under change is considered non-evolvable. The issue with firewall changes relates to this instability under change. By analyzing the root cause of the evolvability issues and proposing design criteria making use of Normalized Systems theory, we attempt to solve the evolvability issues of TCP/IP-based firewalls. This work presents a set of design criteria to create an ex ante proven evolvable rule base, as well as an algorithm which performs an essential step in converting an existing non-evolvable rule base into an evolvable rule base.
Language
English
Publication
Antwerp: Antwerp University, 2021
Volume/pages
xxiii, 114 p.
Note
Mannaert, Herwig [Supervisor]
Full text (open access)