Abstract
Firewalls play a vitally important role in network security. Packet filtering in a firewall either accepts or denies network packets based on a set of pre-defined rules called the firewall policy. Managing a firewall policy is a tedious task and is always prone to error. Many analysis methods exist for detecting anomalies in IPv4 firewall policies. However, because of the enormous IPv6 address space, these methods either cannot be applied directly to IPv6 firewall policies or have low effectiveness. In this work, we propose a formal method that analyzes the inclusion relations between every two IPv6 firewall rules and detects their anomalies. We have implemented a prototype system to verify the proposed method; experimental results show its effectiveness.
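The sketch below is an added illustration of pairwise inclusion analysis on IPv6 rules; it is not the paper's method or prototype. It assumes a first-match policy of (action, source prefix, destination prefix, destination port) rules, a constructed sample policy, and the anomaly names (shadowing, redundancy, generalization, correlation) commonly used in firewall-policy analysis, which the abstract itself does not list.

```python
import ipaddress
from itertools import combinations

# Constructed sample policy, first match wins (2001:db8::/32 documentation prefix).
# Fields: action, source prefix, destination prefix, destination port (None = any).
POLICY = [
    ("deny",  "2001:db8:1::/48",   "2001:db8:ff::/64",    22),
    ("allow", "2001:db8:1:a::/64", "2001:db8:ff::10/128", 22),
    ("allow", "2001:db8::/32",     "2001:db8:ff::/64",    None),
    ("allow", "2001:db8:2::/48",   "2001:db8:ff::/64",    443),
    ("deny",  "2001:db8:1::/48",   "2001:db8::/32",       443),
]

def net_rel(a, b):
    """Relation of prefix a to prefix b; prefixes nest or are disjoint, no enumeration."""
    a, b = ipaddress.IPv6Network(a), ipaddress.IPv6Network(b)
    if a == b:
        return "equal"
    if a.subnet_of(b) or b.subnet_of(a):
        return "subset" if a.subnet_of(b) else "superset"
    return "disjoint"

def port_rel(a, b):
    """Relation of port a to port b, where None matches every port."""
    if a == b:
        return "equal"
    if None in (a, b):
        return "subset" if b is None else "superset"
    return "disjoint"

def rule_rel(r, s):
    """Inclusion relation of rule r's match set to rule s's match set."""
    rels = {net_rel(r[1], s[1]), net_rel(r[2], s[2]), port_rel(r[3], s[3])}
    if "disjoint" in rels:
        return "disjoint"
    rels.discard("equal")
    return "correlated" if len(rels) == 2 else (rels.pop() if rels else "equal")

def anomalies(policy):
    """Classify each (earlier i, later j) rule pair whose match sets interact."""
    found = []
    for (i, r), (j, s) in combinations(enumerate(policy), 2):
        rel, differ = rule_rel(s, r), r[0] != s[0]  # later rule relative to earlier
        if rel in ("equal", "subset"):  # later rule can never be the first match
            found.append((i, j, "shadowing" if differ else "redundancy"))
        elif differ and rel in ("superset", "correlated"):
            found.append((i, j, "generalization" if rel == "superset" else "correlation"))
    return found
```

Rule indices in the result are zero-based positions in `POLICY`; a shadowed or redundant later rule is the one a reviewer would remove or reorder first.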