Title: A framework for firewalls policy representativeness testing based on classification and reversible metrics

Authors: Kamel Karoui; Fakher Ben Ftima; Henda Ben Ghezala

Addresses: RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia ' RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia ' RIADI Laboratory, National School of Computer Science, University of Manouba, 2010, Tunisia

Abstract: Network's security organisation and management is a hard and complex task. This is due to the diversity of security components and activities such as security policy specification, anomalies detection, vulnerability assessment, etc. In this paper, we propose to organise and gather these activities in a unique framework called network security life-cycle. Security components, especially firewalls, deployment should respect the network security life-cycle. It is necessary to check that the firewalls policy's state or quality is accurately representative of all deployed firewalls. This activity is based on a set of individual metrics that allow us to evaluate and classify the security policy and firewalls according to the accurately implemented rules. Those metrics are gathered and classified to provide a unique reversible representativeness metric. In case of bad representative metric value, we can use the reversible metric to find back the individual metrics classifications and then detect the cause of this deficiency.

Keywords: RRM; reversible representativeness metric; exactly matching classification; firewall policy; firewalls; quantitative evaluation; statistical evaluation; semantic evaluation; reversible metrics; network security; security policy.

DOI: 10.1504/IJSN.2016.078393

International Journal of Security and Networks, 2016 Vol.11 No.3, pp.140 - 159

Received: 25 Aug 2014
Accepted: 17 Feb 2015

Published online: 16 Aug 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article