Algorithms for Verifying Firewall and Router Access Lists

Abstract

Security in computer networks is a very complex task with various requirements. The network security policy that describes these security requirements is primarily presented in a high-level form. Also, the security policy is enforced using some low-level security mechanisms; mainly firewall technology. This paper presents a new algorithm for verifying the equivalence between the high-level security policy and the corresponding low-level firewall rule-base. This verification ensures that there is no security hole. Also, it ensures that there is no missed low-level rule which may lead to unstable and unconvinced usage of the network.