An algorithm for security policy migration in multiple firewall networks

M Cheminod; L Durante; L Seno
2021

Abstract

Firewalls are effectively employed to protect network portions by blocking illegitimate traversing traffic. However, during traffic load peaks, possibly due to DoS-like attacks, they may become performance bottlenecks, introducing consistent delays/losses on legitimate packets. In multiple firewall networks, a cooperative approach to mitigate performance degradation caused by firewall overloads consists in suitably distributing responsibility for security policy implementation among available devices to balance workload. We present a technique for migrating security policies among firewalls in a sequence, formally verified to preserve the overall security policy implemented by the sequence itself. The technique can be used as a building block in the development of cooperative solutions allowing to balance workload in networks where firewalls are arbitrarily placed to guard specific domains.
2021
Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni - IEIIT
English
CEUR Workshop Proceedings of the Italian Conference on Cybersecurity (ITASEC 2021)
Contribution
Italian Conference on Cybersecurity (ITASEC 2021)
2940
344
359
16
http://ceur-ws.org/Vol-2940/paper29.pdf
Anonymous experts
April 7-9, 2021
All Digital Event
International
Firewalls
Network security
Policy migration
Formal methods
Electronic
No
4
open
Cheminod, M; Durante, L; Seno, L; Valenzano, A
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
   Cyber Security Network of Competence Centres for Europe
   CyberSec4Europe
   European Commission
   Horizon 2020 Framework Programme
   830929
Files in this item:
File Size Format  
prod_456669-doc_176832.pdf

open access

Description: An algorithm for security policy migration in multiple firewall networks
Type: Publisher's version (PDF)
License: Creative commons
Size 1.45 MB
Format Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/397551
Citations
  • PMC ND
  • Scopus 2
  • ISI ND