Configuring firewalls is a difficult task. The reason is that the effects of firewall rules cannot be seen during the configuration time. As a result, errors and loopholes in firewall rules are discovered only at the run time and they often cause attacks. In this paper, we develop a graph-based method for analyzing firewall rules with services. Our new model provides advantages over all existing methods in that it can compute effects of firewall rules at multiple firewalls in an intuitive and efficient way. In addition, it offers a new rule analysis called rule tracking.
展开▼