FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
Berkeley/Oakland, California May 21-May 24
2006 IEEE Symposium on Security and P ...
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.16
Lihua Yuan, University of California, Davis
Jianning Mai, University of California, Davis
Zhendong Su, University of California, Davis
Hao Chen, University of California, Davis
Chen-Nee Chuah, University of California, Davis
Prasant Mohapatra, University of California, Davis
Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security. However, misconfigurations in firewalls are very common and significantly weaken the desired security. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating firewall configurations as specialized programs, FIREMAN applies static analysis techniques to check misconfigurations, such as policy violations, inconsistencies, and inefficiencies, in individual firewalls as well as among distributed firewalls. FIREMAN performs symbolic model checking of the firewall configurations for all possible IP packets and along all possible data paths. It is both sound and complete because of the finite state nature of firewall configurations. FIREMAN is implemented by modeling firewall rules using binary decision diagrams (BDDs), which have been used successfully in hardware verification and model checking. We have experimented with FIREMAN and used it to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks.
Citation:
Lihua Yuan, Jianning Mai, Zhendong Su, Hao Chen, Chen-Nee Chuah, Prasant Mohapatra, "FIREMAN: A Toolkit for FIREwall Modeling and ANalysis," sp, pp.199-213, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006