• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Classifying Rules by In-out Traffic Direction to Avoid Security Policy Anomaly

Vol. 4, No. 4, August 26, 2010
10.3837/tiis.2010.08.013, Download Paper (Free):

Abstract

The continuous growth of attacks in the Internet causes to generate a number of rules in security devices such as Intrusion Prevention Systems, firewalls, etc. Policy anomalies in security devices create security holes and prevent the system from determining quickly whether allow or deny a packet. Policy anomalies exist among the rules in multiple security devices as well as in a single security device. The solution for policy anomalies requires complex and complicated algorithms. In this paper, we propose a new method to remove policy anomalies in a single security device and avoid policy anomalies among the rules in distributed security devices. The proposed method classifies rules according to traffic direction and checks policy anomalies in each device. It is unnecessary to compare the rules for outgoing traffic with the rules for incoming traffic. Therefore, classifying rules by in-out traffic, the proposed method can reduce the number of rules to be compared up to a half. Instead of detecting policy anomalies in distributed security devices, one adopts the rules from others for avoiding anomaly. After removing policy anomalies in each device, other firewalls can keep the policy consistency without anomalies by adopting the rules of a trusted firewall. In addition, it blocks unnecessary traffic because a source side sends as much traffic as the destination side accepts. Also we explain another policy anomaly which can be found under a connection-oriented communication protocol


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
S. Kim and H. Lee, "Classifying Rules by In-out Traffic Direction to Avoid Security Policy Anomaly," KSII Transactions on Internet and Information Systems, vol. 4, no. 4, pp. 671-690, 2010. DOI: 10.3837/tiis.2010.08.013.

[ACM Style]
Sunghyun Kim and Heejo Lee. 2010. Classifying Rules by In-out Traffic Direction to Avoid Security Policy Anomaly. KSII Transactions on Internet and Information Systems, 4, 4, (2010), 671-690. DOI: 10.3837/tiis.2010.08.013.

[BibTeX Style]
@article{tiis:19879, title="Classifying Rules by In-out Traffic Direction to Avoid Security Policy Anomaly", author="Sunghyun Kim and Heejo Lee and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2010.08.013}, volume={4}, number={4}, year="2010", month={August}, pages={671-690}}