Here you will find scientific publications from the Fraunhofer Institutes.

Industrial grade methodology for firewall simulation and requirements verification

Barakat, Ramon; Catal, Faruk; Tcholtchev, Nikolay; Rebahi, Yacine; Schieferdecker, Ina

Postprint urn:nbn:de:0011-n-5933109 (50 KByte PDF)
MD5 Fingerprint: e45611393a036071b4e4e4aee08d84a3
© IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Created on: 30.6.2020

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Communications Society; International Federation for Information Processing -IFIP-:
NOMS 2020, IEEE/IFIP Network Operations and Management Symposium. Proceedings : Management in the Age of Softwarization and Artificial Intelligence, 20-24 April 2020
Piscataway, NJ: IEEE, 2020
ISBN: 978-1-7281-4973-8
ISBN: 978-1-7281-4974-5
7 pp.
Network Operations and Management Symposium (NOMS) <2020>
Conference Paper, Electronic Publication
Fraunhofer FOKUS
Firewall; verification; simulation; requirements traceability; quality assurance; model checking; model testing

Firewalls are a critical part of any security framework. Most firewalls consist of a large number of sequential rules that are unstructured and confusing. Unfortunately, because much of the rule configuration work is done manually by network administrators, misconfigurations are very common and can affect the reliability of the firewall. Identifying such anomalies is a challenging task. In this paper, we propose a tree-based simulation and verification model to verify whether the implemented firewall of a system complies with the corresponding firewall requirements. The proposed methodology was developed in connection with the H2020 FORTIKA project and was evaluated in case studies with industrial partners. These case studies related to large-scale telecom infrastructures involving critical scenarios in the scope of Smart Cities in general and SME cyber-security protection. The executed case studies demonstrate how our approach can lead to improved structuring of firewalls and their rules, to the comfortable visualization of firewall structures and decision patterns, and finally to the verification of system and context requirements imposed by the firewall operation environment.