Industrial grade methodology for firewall simulation and requirements verification
Firewalls are a critical part of any security framework. Most firewalls consist of a large number of sequential rules that are unstructured and confusing. Unfortunately, because much of the rule configuration work is done manually by network administrators, misconfigurations are very common and can affect the reliability of the firewall. Identifying such anomalies is a challenging task. In this paper, we propose a tree-based simulation and verification model to verify whether the implemented firewall of a system complies with its associated firewall requirements. The proposed methodology was developed in connection with the H2020 FORTIKA project and was evaluated in case studies with industrial partners. These case studies related to large-scale telecom infrastructures involving critical scenarios in the scope of Smart Cities in general and SME cyber-security protection. The executed case studies demonstrate how our approach can lead to improved structuring of firewalls and their associated rules, to convenient visualization of firewall structures and decision patterns, and finally to the verification of system and context requirements imposed by the firewall operation environment.