Publication
Title
On the evolvability of the TCP-IP based network firewall rule base
Author
Abstract
A firewall is an essential network security component. The firewall rule base, the list of filters to be applied on network traffic, can have significant evolvability issues in a context where companies consider their firewall as complex. While sufficient literature exists on how to analyze a rule base, little research is available on how to properly construct a rule base up front in a way that prevents the occurrence of evolvability issues. According to Normalized Systems theory, a system is unstable under change if changes require an effort that is proportional to the type of change and the size of the system. A system that is unstable under change is considered non-evolvable. The issue with firewall changes relates to this instability under change. By analyzing the root cause of the evolvability issues and proposing design criteria making use of Normalized Systems theory, we attempt to solve the evolvability issues of TCP/IP-based firewalls. This work presents a set of design criteria to create an ex ante proven evolvable rule base, as well as an algorithm which performs an essential step in converting an existing non-evolvable rule base into an evolvable rule base.
Language
English
Publication
Antwerp : Antwerp University, 2021
Volume/pages
xxiii, 114 p.
Note
Supervisor: Mannaert, Herwig [Supervisor]
Full text (open access)
UAntwerpen
Affiliation
Publications with a UAntwerp address
Record
Creation 29.11.2021
Last edited 07.10.2022