An algorithm for security policy migration in multiple firewall networks

M. Cheminod; L. Durante; L. Seno; A. Valenzano
2021

Abstract

Firewalls are effectively employed to protect network portions by blocking illegitimate traversing traffic. However, during traffic load peaks, possibly due to DoS-like attacks, they may become performance bottlenecks, introducing consistent delays/losses on legitimate packets. In multiple firewall networks, a cooperative approach to mitigating the performance degradation caused by firewall overloads consists of suitably distributing responsibility for security policy implementation among the available devices to balance the workload. We present a technique for migrating security policies among firewalls in a sequence, formally verified to preserve the overall security policy implemented by the sequence itself. The technique can be used as a building block in the development of cooperative solutions that balance workload in networks where firewalls are arbitrarily placed to guard specific domains.
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
Firewalls
Network security
Policy migration
Formal methods

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/397551