seminar report of detecting and resolving firewall policy anomalies
#1

A firewall is a system that acts as the interface of a network to one or more external networks. It implements the network security policy when deciding which packets should be left based on rules defined by the network administrator. Any error in defining the rules can compromise system security by allowing unwanted traffic to pass or blocking the desired traffic. Manual rule definition often results in a set containing conflicting, redundant, or hidden rules, resulting in policy anomalies. Detecting and manually solving these anomalies is a critical but tedious and error-prone task. Existing research on this problem has focused on the analysis and detection of anomalies in firewall policy. Previous work defines the possible relations between rules, defines anomalies in terms of those relations, and presents algorithms to detect the anomalies by analysing the rules. In this paper, we discuss some necessary modifications to existing definitions of relationships. We present a new algorithm that will simultaneously detect and solve any anomaly present in the rules of the policy through reorder and division operations necessary to generate a new set of rules without anomaly. We also present a proof of algorithm correction. Next, we present an algorithm to combine the rules when possible in order to reduce the number of rules and therefore increase the efficiency of the firewall.
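The anomaly classes named in the abstract above (hidden, redundant and conflicting rules), as an added example that is not part of the original post or of the paper: a pairwise check over a first-match rule list. The rule fields, the three working definitions in the comments and the sample policy are simplifying assumptions for illustration, not the paper's definitions or its resolution algorithm.

```python
from ipaddress import ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    name: str
    proto: str     # "tcp", "udp" or "any"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # "accept" or "deny"

def _covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def _overlaps(a, b):
    """True if at least one packet can match both rules."""
    return ((a.proto == b.proto or "any" in (a.proto, b.proto))
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst))
            and a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1])

def find_anomalies(rules):
    """Scan a first-match rule list; return (kind, earlier, later) tuples."""
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if _covers(earlier, later):   # the later rule can never fire
                kind = "redundant" if earlier.action == later.action else "hidden"
            elif _covers(later, earlier):
                continue                  # exception before a general rule: not reported here
            elif _overlaps(earlier, later) and earlier.action != later.action:
                kind = "conflicting"      # partial overlap, rule order decides the outcome
            else:
                continue
            found.append((kind, earlier.name, later.name))
    return found

# Constructed sample policy (documentation and private address ranges).
POLICY = [
    Rule("r1", "tcp", "10.0.0.0/8", "192.0.2.10/32", (80, 80), "accept"),
    Rule("r2", "tcp", "10.1.0.0/16", "192.0.2.10/32", (80, 80), "deny"),
    Rule("r3", "tcp", "10.2.0.0/16", "192.0.2.10/32", (80, 80), "accept"),
    Rule("r4", "tcp", "10.3.0.0/16", "192.0.2.0/24", (80, 80), "deny"),
    Rule("r5", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535), "deny"),
]
```

A pairwise scan misses a rule that is hidden only by the union of several earlier rules; catching that case requires tracking the full packet space already matched.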

#2
Please do help me out for preparing my seminar report on "detecting and resolving firewall policy anomalies".