IPsec/Firewall Security Policy Analysis : A Survey
Roumaissa Khelf
Networks and System Laboratory
Computer Science Department
Badji Mokhtar-Annaba University
Annaba, Algeria
[email protected]
Nacira Ghoualmi-Zine
Networks and System Laboratory
Computer Science Department
Badji Mokhtar-Annaba University
Annaba, Algeria
[email protected]
Abstract—As the technology reliance increases, computer
networks are getting bigger and larger and so are threats and
attacks. Therefore Network security becomes a major concern
during this last decade. Network Security requires a
combination of hardware devices and software applications.
Namely, Firewalls and IPsec gateways are two technologies
that provide network security protection and repose on
security policies which are maintained to ensure traffic control
and network safety. Nevertheless, security policy
misconfigurations and inconsistency between the policy’s rules
produce errors and conflicts, which are often very hard to
detect and consequently cause security holes and compromise
the entire system functionality. In This paper, we review the
related approaches which have been proposed for security
policy management along with surveying the literature for
conflicts detection and resolution techniques. This work
highlights the advantages and limitations of the proposed
solutions for security policy verification in IPsec and Firewalls
and gives an overall comparison and classification of the
existing approaches.
Keywords—Network Security; Security policy; IPsec;
Firewall; Security policy anomalies; policy analysis; Conflicts
analysis.
I. INTRODUCTION
To enforce network security, several functionalities are
implemented by the security to ensure security within a
computer network. Some of security controls are used to
control traffic like firewalls (Network protection), others
have the capability to control and modify the traffic as IPsec
gateways (VPNs Protection) [1]. Despite that IPsec is newer
than firewall technology, firewall studies are more common
and various. This can be due to the fact that firewalls are
more market-share. So, this gives us a motivation to regroup
both technologies in this survey in order to show up which
one of them is the best choice for the network security
verification. Whereas studies are varied, Firewall and IPsec
share the similar nature, thus security policies are an
essential component for both of them. Basically, security
policies are considered complex in large systems, and it is
hard to find faults. In addition, network administrators
cannot always have a deep insight of the network
configuration; hence, those challenges make the security
policy testing and verification much harder. To solve this
problem, several approaches have been proposed in
literature. The main objective of those studies was to find out
a way to automatize the verification and the management of
security policy by introducing different techniques for
conflicts identification and resolution. So, this survey
highlights different studies for policy analysis context and
especially on conflict management. Regarding studies on
policy analysis topic, we can notice that there is no global or
general solution that can be applied directly to solve the
problem. Most of the studies focus on sub-problems parts
solutions, thus the proposed works does not grant compatible
solutions. Also, as regards to the network topology, dynamic
environment of distributed networks must be taken into
consideration (enterprise networks); because some of the
proposed approaches are inefficient for dynamic conditions.
More details will be given in next sections.
This work highlights the existing researches in the field
of security policy verification and analysis. We highlight the
most important approaches in a chronological order, while
emphasizing the different advantages and disadvantages of
these approaches. We also discuss the differences between
these works, and propose solutions in order to overcome
prior studies drawbacks and also we propose a categorization
schema for the existing approaches in this area.
This paper is organized as follows. Section 2 presents a
global overview on both technologies Firewall and IPsec
hence the basic differences between them. In Section 3 we
present a brief definition of security policy and the notion of
filtering rules, as well as the policy analysis and its different
fields. Section 4 presents the researches carried out on
different types of security policy concerning firewalls and
IPsec. In section 5 we compare the cited works and discuss
the main differences between those approaches in addition to
a proposition of a categorization schema.
II. FIREWALL VS IPSEC
Firewall and IPsec are both complementary components
for network security. We can’t really compare them;
however, there are some differences between IPsec and
firewalls. In this section we try to identify those differences
and understand subtleties of both technologies.
A. Firewalls
Firewalls are network devices which enforce an
organization’s security policy [2]. It can be a router, an
access server, or a several services modules. Firewall
monitors the outgoing and incoming traffic from and to a
network. The monitoring operation is done using packet
filters and aims to allow or deny the traffic. Firewall filters
the packets according to various criteria such as IP addresses,
Ports, network interfaces… etc. All those information are
ordered in a set of rules which constitute security policies of
firewalls. The main objective of a firewall is to determine the
accessibility of a type of traffic in a particular network.
Indeed the principal is simple; a firewall protects the network
by allowing or discarding wanted or unwanted traffic
respectively. However, firewalls do not secure or modify the
actual traffic going back and forth. Beside the fact that not all
attacks types are handled, the emerging technologies like
VPN and P2P present new challenges for firewalls.
B. IPsec
Internet Protocol security (IPsec) is known as a costeffective way to establish security in Virtual Private
Networks (VPNs). IPsec is a set of open standard that
provide data authentication, integrity and confidentiality. It
can be used to protect the data flow between a pair of hosts, a
pair of gateways or between a host and a gateway. Regarding
IPsec security architecture, it defines two types of security
policies: the access control list and the crypto map list.
Access control list defines the protected traffic and the
crypto access list defines the protection parameters to be
applied on this traffic. In other words, the distribution of
protection in IPsec depends on the design of the security
policy and its distribution.
C. Firewall and IPsec Comparison
To sum up, Firewall is used to protect a network from
unwanted traffic, however, IPsec is used to protect a server
or a group of servers in a network IPsec protect the wanted
traffic while crossing the network, hence IPsec is not just
controlling traffic but also protecting it. In other words,
firewall security policies are defined to control the traffic
access to the network. It aims to permit legitimate traffic and
blocks unwanted traffic. On the other hand, IPsec’s access
control policy has a similar aim of firewall policy; however
legitimate traffic is either permitted directly or protected
before the transmission. Therefrom, the main distinction
comes between the firewall and IPsec. When the legitimate
traffic is judged to be protected, the IPsec encryption list
takes place, and the traffic is compared to its filtering rules to
find out which IPsec perform (AH, ESP, Tunnel, Transport
mode) must be applied on this traffic.
Despite the differences, both technologies can be used to
ensure the network protection; the firewall is more
convenient in term of the centralized protection. Hence IPsec
is more powerful in the term of flexible protection and
servers/domains isolations.
III. POLICY VERIFICATION BACKGROUND
A. Network Security Policy
A network security policy is a set of requirements and
that control the behavior of an entity in a network. This
behavior is defined by a set of constraints, which are meant
to govern data access, use, and transfer inside the network.
The security policy requirement is defined as a set of
filtering rules; these rules are tried in a particular order that
ensure the correct execution of policy directives. Generally,
security policies are used to ensure three main
functionalities: Confidentiality (data secrecy), Integrity (data
originality) and Availability (data access).
B. Security Policy Analysis
After the definition of security policy directives, comes
the specification of filtering rules. This phase is called
policy configuration, which is typically complicated and
error-prone. Despite the huge importance of security
policies on the security of communication networks,
conflicts can lead to security breaches and high risk attacks.
Thus, conflicts in network security policy can be a result of
misconfiguration or inconsistency between different rules in
the same policy or in different policies. Therefore, to ensure
the correct functioning of the policy, conflicts should be
avoided or at least identified in order to remove them. This
solution is not as easy as it sounds because of many
difficulties that make the conflict management a very hard
task for network administrator such as; the growing number
of internet applications, the nature of distributed networks,
different types of security controls and the large number of
policies and rules which can cause an extremely high
number of conflicts, hence it become intractable for network
administrator. Therefrom, the need arises to find more
suitable solutions for the verification of security policies.
C. Policy Analysis
As discussed before, Network security cannot be
guaranteed without a well-designed security policy. Hence,
several studies have been carried out to overcome the
problem of conflicts and configuration errors in different
types of security policies such as in social network policies
[3] or cloud computing [4], Policy analysis consists of the
verification of policy configuration in order to monitor the
changes in policies, behavior or security violation caused by
a conflict. To be noted that during the analysis of policy,
devices which are already deployed remains unchangeable
and under the control of a network administrator.
Regarding the proposed works in literature that extend
the concept of policy analysis, we can divide them into three
main categories: reachability, policy comparison and conflict
analysis. (Fig. 1) Essentially, our focus will be on conflicts
Fig. 1. Classification of Policy Analysis Approaches
analysis.
The analysis of conflicts aims to identify potential errors
in single or multiple security policies (intra and inter
domains). Without the loss of generality, the approaches
used for conflict analysis can be also categorized into three
main categories: verification of configurations, conflicts
detection and policy optimization. Thus, the proposed
solutions for the conflicts detection across last years, can be
divided in three sub-categories: the first one is the policy
management sub-category, which is based on data structures
like [5], the second one is the proposition of novel formal
models as in [6] and lastly, the proposition of new tools such
as [7].
IV. STATE OF THE ART
In literature, firewall policy verification is a very
common research field; a lot of approaches were proposed
in order to provide a complete solution of the main problem:
the conflict analysis. In this section, we show some of these
proposed approaches for firewall policy verification.
A. Firewall Approaches
The Proposition of Al in [8] was the first paper that
introduced the concept of conflict analysis of firewall
policy. Authors in this paper define all the existing relations
between policy rules, their classification defines 5 types of
relationships: complete disjoint where rules are independent
and do not have any intersection, exactly matched: two rules
match the same traffic and apply the same action for this
traffic. The other type is: Inclusively matched, this relation
occurs when the rules do not exactly match the same traffic,
in other words, every field in the first rule is a subset or
equal to the corresponding fields in the second rule.
Partially disjoint: is when at least one of the first rule fields
is a subset or equal to the other rule and finally Correlation
is when some fields of the rule are subsets or equals to the
corresponding fields in the second rules, and the rest of
other fields are superset or equals. The authors present
policy using a single rooted tree (policy tree) so every node
in the policy tree represents a field of a filtering rule and
each branch at this node represents a possible value for the
associated field. Then they give a classification of 4 types of
anomalies (shadowing, correlation, generalization and
redundancy). The authors use a tool called policy advisor
that help the administrator to manage a firewall policy
without prior analysis of filtering rules. Thus, it implements
two management tools: policy anomaly detector: identify
anomalies and notify the administrator and policy editor;
which reorder the updated or inserted rules. However policy
advisor is limited in detecting only pairwise anomalies in
firewall rules. This work was extended next to [9]. In this
work, the authors add a new classification which includes
the multi-firewall environment anomalies. So they develop
their technique to detect anomalies in centralized and
distributed legacy firewall. The new defined conflicts are
(shadowing, spuriousness, correlation, redundancy and
irrelevance). Shadowing occurs between two rules in two
different firewalls that match the same packets and the first
rule blocks a packet that is permitted by the second rule.
The case of spuriousness is defined when two rules match
the same packet and the first rule permit this packet which is
blocked by the second rule. According to their definition,
rules in correlation are rules in different firewall. These
rules match some common packets, but apply different
actions. However, if these two rules block the traffic, it’s
then a redundancy conflict. The irrelevances anomaly is
defined by rules which do not have any corresponding
matched traffic. Authors specify that rules insertion phase is
performed in two steps, the first one is the rule placement
which aims to find the corresponded firewall by identifying
all the possible paths, and the next step is to verify the
relation between the new rule and the existing rules in order
to avoid intra-firewall anomalies. Despite this work was
very helpful for next studies, it has the drawback of
detecting anomalies only afterward, and do not provide a
recovery mechanism, also it’s not suitable for all the
security controls. In addition, high performances are
guaranteed only for a limited number of rules. Another
extension of Al-Shaer’s work is [10]. This work proved that
conflicts classified by Al-Shaer cation are the only conflicts
that could exist in firewall policies. The authors present a set
of algorithms to detect rule anomalies within a single
firewall (intra-firewall anomalies), and between
interconnected firewalls (inter-firewall anomalies) in the
network. In addition to their previous works they presented
a user-friendly Java-based implementation of the Firewall
Policy Advisor. This work was also extended by Al-Shaer in
[11]. The Authors in [12] also proposed a novel tool
“FIREMAN†for the analysis of firewall policies. They use
the Binary Decision Diagram (BDD) [13] to represent the
packet filtering policies. This work provides intra-policy
packets analysis and verifies the correct implementation on
end-to-end policy.
The FIREMAN detection technique is based on the
analysis of potential relationships between a filtering rule
and a packet space. Hence this packet space is derived from
the set of all the preceding rules. The main limitation of
FIREMAN is that it can only detect the anomaly without
identifying the rules involved. Also, subsequent rules are
ignored during the anomaly analysis. In [14] FIREMAN toll
was extended to deal with NAT and routing tables. Their
tool, Prometheus, unlike Fireman, is able to detect the
misconfiguration beside rules responsible for it. Prometheus
identifies the anomaly when two different paths within the
same firewall execute several decisions for the same packet.
In Addition some corrections are also available with this
tool. In [15], the authors define a methodology to classify
firewall policy rule conflicts, according to their severity
level. Authors present a classification of different intrapolicy conflicts, where severity defines the rank of
correlation between the presences of conflict in policy and
the erroneous behavior of the respective device. Exact
match, shadowing, and post redundancy are severe conflicts
according to authors’ definition. The resolution of conflicts
depends in some cases, on the network manager decision;
that can associate priorities to the conflictual rules. One of
the major limitations of this work is that the approach
concerns only a one firewall policy implementation; it is not
applied on distributed firewall policies. Al-Shaer approach
was very helpful for researches thus, a lot of works has been
proposed based on it. Those novel approaches prove that alShaer classification is general and applicable for multiple
scenarios. Additionally, some researchers introduce
different security component for the security policy analysis
context, for instance in [16], authors add the possibility to
manage security policies over a distributed network security
as network intrusion detection systems (NIDS) for the
detection of conflicts in filtering packet rules, the authors
presented a network model that allows identification of
components which are crossed by a given packet knowing
its source and destination. Based on this model they defined
two new types of conflicts (irrelevance and missconnection). In this work, the security policy is rewritten in
a positive and negative format (only allows rule or only
deny rules). The extended work of this approach is [7]
where the MIRAGE tool is proposed. This tool represents a
management tool for analysis and deployment of
configuration policies over network security components,
such as firewalls, intrusion detection systems, and VPN
routers. In the same context, another tool was proposed in
[17]. The authors propose the Margrave; a novel tool for
firewall analysis. Beside the analysis of the policy this tool
is able to define the consequences resulting from
configuration updates. Margrave is also capable to generate
separate policies for other functions other than access
filtering, like routing and switching which ensure the
analysis of the whole firewall behavior. Other studies
present formal models for security policy generation, such
as [18]. In this work, the authors present a new formal
model for the ACL policies, this model called geometric
model is based on a set of rules a default limited number of
actions and use an ad-hoc resolution strategy. For the
resolution of anomalies, the authors present several
techniques such as the First matching Rule (FMR) and the
Last Matching Rule (LMR). In addition, the authors define a
new type of anomalies which result from the union of more
than two rules (general shadowing and general redundancy).
In [19] authors adopt a novel technique of rule segmentation
for the identification and resolution of anomalies in firewall
policies based on Binary Decision Diagram (BDD). For this
purpose, they adopt a grid-based representation technique
which provides an intuitive cognitive sense about anomaly,
in order to identify policy anomalies and resolve them.
Based on this technique the network packet space is divided
into disjoint packet space segments associated with a unique
set of firewall rules. The work in [20] presents a formal
model of firewall rules sequence, the authors focus on rules
reordering problem, their method verifies if a given firewall
rule sequence maintains the correct specification of a
security policy, by checking the relation between rules.
They proposed a verification method divided into two parts.
The first part is decision conflicts rules set generator; where
the set of security policy is translated into rules and ordered
correctly is in the rule base, then identifying rules that
generate conflict with the policy abstraction technique. The
second part is the Policy consistency engine which ensures
that rules reordering maintain the correctness of the security
policy. In case of violation another rule reordering is
needed. In [21], authors present a framework in order to
facilitate the detection of firewall policy conflicts inside
dynamic open flow networks, in addition to the previous
works in this area, this work present a model for the
detection and the resolution of conflicts in a real-time
situations, the proposed tool FLOWGUARD checks
network flow path spaces to detect firewall policy violations
when network states are updated. However, there is no
analysis model in their framework. And it does not cover
stateful firewalls in SDN’s. Basically, most of precedent
cited paper has focus on the detection and resolution of
conflicts with the human intervention, which is in some
cases difficult and error prone. Authors in [22] focus on this
point and propose an alternative solution to make amends of
human intervention, where they use a query engine for
firewall security policy analysis. Their proposition aims to
automate the whole process of anomaly resolution, without
referring to the administrator intervention. In other words,
instead of prompting the administrator for inserting the
proper order of rules, they implemented a tool (FPQE)
which executes a set of queries against a high level firewall
policy.
In [5] Authors propose an analysis method; this method
aims to detect anomalies in a firewall file configuration and
to determine consequences resulting from deleting or
updating filtering rules in the configuration file. The method
key is to represent the set of rules with a data structure
which is the tree. Firewall Anomaly Tree (FAT) can be
dynamically updated by adding or deleting filtering rules
and it gives to administrator an idea about the adequate
position to insert a rule.
Authors in [23] use a data structure called Firewall
Decision Diagram FDD and an inference system. They
propose a novel approach to automatically remove fix
firewall misconfigurations. In this work, a classification of
different anomalies in the multi firewall environment is
provided, where anomalies are divided into two main parts;
real misconfiguration and intended anomaly Resolution of
configuration errors, according to this work is done by
several techniques such as modifying the rules fields,
reordering and removing some rules. In brief they propose a
method to rules sets optimization by removing unused rules
in the policy. The authors define shadowed and redundant
rules as superfluous rules. Superfluous rules identification is
based on an inference system. Thus, this kind of rules is
removed from the policy. After the removal of superfluous
rules the discovery of misconfiguration phase begins.
Misconfigurations are identified in both simple firewall
(when different actions are applied on the same traffic in the
same firewall configuration) and distributed firewalls
(different firewalls apply different actions on the same
traffic).
B. IPsec Approaches
In literature, IPsec policies verification and management
approaches are not as common as firewall polices, this can
be caused by the similarity between the two technologies,
and the novelty of IPsec comparing to firewalls. The
concept of verification of IPsec security policies was firstly
introduced in [24]; the analysis is performed on several
policy implementations in order to detect conflicts. Authors
define a conflict as the case when policy implementations
do not satisfy the security policy requirements. They define
a requirement as the high level policy objective while policy
implementations are specified to meet that objective. Thus
the policy specification process transforms a requirement to
specific policy implementation. Beside the conflicts
detection, authors propose also a recovery mechanism. The
resolution aims to define new implementation that satisfies
the desired policy while minimizing possible damage causes
by the violation of any security requirement. However, this
method is quite complicated due to the use of non-standard
high level security requirement, which are not always
available in existing standards. Furthermore, updating
requirements cause the re-initialization of algorithm each
time, which is a tedious task. Next the schema proposed in
this work was formalized in [6]. The authors propose a
method for conflict detection by analyzing IPsec policies.
This work can be also considered as the extension of [10].
The proposed model incorporates encryption and packet
filter capabilities of IPsec. Thus, two types of conflicts are
defined for both the intra and inter-policy. the overlapping
session conflicts occurs when multiple IPsec session are
established to delivered a packet to several hosts, and the
packet is delivered to the farther host before the near one.
The second type of conflict is the Multi-Transform conflict.
It is the result of the application of a weaker protection to an
already encapsulated traffic. Authors also use BDD to
compares rules translated into Boolean functions. The main
drawback of this method is that is limited to detection
conflicts only without any recovery process. In addition, the
processing of the policy rules each time is highly time
consuming and inefficient in dynamic environment.
In [25] and [26] authors present a complete taxonomy of
possible existing conflicts in an IPsec security policy,
including both packet-filter and IPsec configuration. Their
proposed classification of intra and inter-policy is quite
similar; however they define conflicts in a simpler way that
makes the implementation much easier. In [27] an
architecture that stores all the IPsec policy in a center is
proposed. Thus, this center is accessible by a manager and
enforced by an access control policy. IPsec implementations
manipulate IPsec databases via a database manager. The
authors define IPsec implementation as programs which can
establish IPsec channels and access to databases (for
instance Strongswan and Openswan). The essential
contribution is that the use of this manager aims to avoid
access to databases by unauthorized implementations. In
another part, this work aims to prevent conflict before it
occurs, which is described as some kind of conflict
recovery. However, recovery is only made for conflict
diffusion, which is the authors’ definition of the inter-policy
conflicts.
The proposed algorithm in [28] can be considered as an
improvement of the solution proposed in [6]. The authors
propose an algorithm for the dynamic verification of an
IPsec policy. The proposed algorithm defines some type of
conflicts (does not support all the defined conflicts in the
previous works). The method uses essentially the BDD to
represent the IPsec policy and manipulate Boolean functions
in order to dynamically detect conflicts. On the whole, the
proposed algorithm generates conflict-free policies from
conflicting policies. Thus, beside the conflicts detection
authors also present some recovery mechanisms in their
approach
Authors in [29] extend the idea of, they improved the
conflicts classification in a way to be easier to implement.
An algorithm is proposed for dynamic detection of both
intra and inter-policy conflicts. The proposed classification
includes all the possible conflicts of an IPsec Access control
list; the proposed algorithm is based on a generic model
where each type of conflict is associated with a Boolean
expression. The use of Boolean expression for the
presentation of IPsec policy is obtained thanks to the Binary
Decision Diagram. Beside the improvement of classification
this method can also detect inter-policy conflicts. However
the method was not evaluated to show up the efficiency of
the algorithm.
TABLE 1 Comparison between different approaches for security policy
analysis Approaches
Conflict
Classification
Conflict
Resolution
Inter-policy
conflicts
Data
Structure
Policy
regeneration
Policy formal
model
Conflict
prevention
Dynamicity
[8] √ √
[9] √
[10] √
[12] √
[14] √ √
[15] √ √
[16] √ √ √
[7] √ √
[17] √ √ √
[18] √ √ √
[19] √ √ √
[20] √ √ √
[5] √ √ √
[23] √ √ √ √ √ √
[24] √ √
[6] √
[26] √ √ √
[27] √ √
[28] √ √ √
[29] √ √ √ √
V. DISSCUSION AND COMPARISON
In this section, we compare the different works cited in
this paper. Table 1 summarizes the main differences
between all cited works in this article. Each row in the table
stands for a proposed approach identified by its citation
number. The first fourteen rows present approaches for
Firewalls and the last six rows present approaches for IPsec.
Columns present the different considered fields of policy
analysis. Thus the most pertinent fields used for the
comparison are:
Conflict classification
Some works has proposed novel classification for the
existing conflicts, other introduced novel types of conflicts
and some works uses the already existing classification in
literature.
Conflict Resolution
Although the majority of approaches and methods can
detect conflicts efficiently, not all those approaches have
guaranteed the resolution of conflicts.
Data structure
This come to approaches in which authors use a kind of data
structure like trees, grids and binary decision diagram, to
facilitate the representation of policy or the analysis process.
Dynamicity
Although the effect of dynamicity in networks, it was not
the major concern of authors when analyzing the security
policy, only few papers has taken into consideration the
dynamic conditions.
By comparing the different proposed approaches for the
analysis of security policy, we provided a categorizatiON
schema presented in (fig. 2) which classifies those works
according to their contribution. We divided the approaches
into three main categories:
Classification and discovery of conflict approaches
The first proposed approaches for firewall policy analysis
[5-13] and IPsec policy management [24-26] focus on the
representation of security policy in order to extract the
possible existing conflicts.
Fig. 2. Categorization of Conflicts Analysis Approches
Several conflicts types where added by novel classification
models, thus based on those classifications, researchers have
builds on several conflicts detection techniques.
Nevertheless, those approaches did not guarantee the
resolution of the detected conflicts, which bring us to the
second categories of policy analysis approaches.
Approaches for conflict resolution
The resolution of conflict is the ultimate goal of security
policy analysis, hence several techniques have been
proposed in literature. For this purpose, different tool were
created such as Mirage in [7], Prometheus in [14], Margrave
in [17], Flowguard for a real time resolution in [21] and
FPQE for a resolution without the administrator intervention
in [22]. Other resolution techniques were proposed like: Rewriting security policy introduced in [16], Rule Re-ordering
used in [18] & [20], and Rule segmentation presented in
[19]. Noted that some works have combine different
techniques and some other belongs to different categories at
same time such in [23] where authors present a novel
classification and propose a novel resolution technique
based on an FDD representation.
Performances optimization approaches
Other solutions were proposed based on previous works, in
order to optimize the analysis process performances, such in
[28] and [29] where authors propose novel algorithms for
the management of IPsec security policy, where the
proposed algorithm aims to optimize the time and
complexity beside the detection and resolution of conflicts.
VI. PERSPECTIVES
Despite that conflict analysis studies are plenty; there are
still a lot of lakes in this context. One of the major
drawbacks of the previous approaches is that they are
limited to a single type of security control, thus such type of
solution is inefficient for complex and distributed networks,
where a network can have a combination of different type of
security controls (NAT, Firewall, IPsec). Another major
limitation concerning conflict analysis is that the majority of
paper focuses only on policy analysis and ignores the aspect
of the performances and network topology. Thus,
performances are quite important when network
administrator is involved in policy verification and
recovery.
The comparison between the different works presented
in this paper, leads us to conclude that a lot of approaches
share the same techniques, however not all of them are
compatible with each other. An alternative solution is to
combine all the advantages of previous works to provide a
unique approach suitable for all security controls. Another
observation is that researches on IPsec are not sufficient
despite the importance of security policy for the correct
IPsec functioning. Consequently, the proposed future
solution must take network topology into consideration and
convenient to dynamic conditions imposed by distributing
networks while regarding other performance aspect like
execution time. To accomplish this objective, proposed
Conflict
Analysis
Approaches
Classification
of conflict
Resolution
of conflicts
Re-writing policy
Re-ordering of rules
Segmentation of rules
Tool proposition
Optimization
of
performance
approaches must guarantee well-defined formats of input
data; and use extendible data structure. So the aim is to
provide a model that can perform policy analysis on
different types of security controls while conserving
network security, flexibility and transparency.
VII. CONCLUSION
With the dynamic growth of the internet, network
security has become a focal concern. Firewall and IPsec
gateways are widely used in private networks as an
important part of their security. However, their efficiency
can be affected by the conflict produced in their security
policies. Furthermore, the complexity of security policy
makes their verification and configuration more difficult.
Along this last decade, a lot of researches were carried out
in this field. In this paper we present some of those works
concerning the verification of policies of firewall and IPsec.
We define the outlines of both technologies and compare
different proposed approaches. A comparison between those
works, lead us to propose potential solutions in order to
overcome security policy problem. One of the main
propositions is to find out a way to combine proposed
solutions into one single general and standard approach,
while ensuring the best performances in the network.
REFERENCES
[1] Snader, Jon C. VPNs Illustrated: Tunnels, VPNs, and IPsec. AddisonWesley Professional, 2015.
[2] Ingham, Kenneth et Forrest, Stephanie. A history and survey of
network firewalls. University of New Mexico, Tech. Rep, 2002.
[3] Wu, Zhengping et Liu, Yuanyao. Knowledge-based policy conflict
analysis in mobile social networks. Wireless personal communications,
2013, vol. 73, no 1, p. 5-22.
[4] Pisharody, Sandeep, Chowdhary, Ankur, et Huang, Dijiang. Security
policy checking in distributed SDN based clouds. In : Communications
and Network Security (CNS), 2016 IEEE Conference on. IEEE, 2016.
p. 19-27.
[5] ABBES, Tarek, BOUHOULA, Adel, et RUSINOWITCH, Michaël.
Detection of firewall configuration errors with updatable tree.
International Journal of Information Security, 2016, vol. 15, no 3, p.
301-317.
[6] HAMED, Hazem, AL-SHAER, Ehab, et MARRERO, Will. Modeling
and verification of IPSec and VPN security policies. In : Network
Protocols, 2005. ICNP 2005. 13th IEEE International Conference on.
IEEE, 2005. p. 10 pp.-278.
[7] GARCIA-ALFARO, Joaquin, CUPPENS, Frédéric, CUPPENSBOULAHIA, Nora, et al. MIRAGE: a management tool for the
analysis and deployment of network security policies. Data Privacy
Management and Autonomous Spontaneous Security, 2011, p. 203-
215.
[8] Al-Shaer, Ehab S. et Hamed, Hazem H. Firewall policy advisor for
anomaly discovery and rule editing. In : Integrated Network
Management, 2003. IFIP/IEEE Eighth International Symposium on.
IEEE, 2003. p. 17-30.
[9] AL-SHAER, Ehab S. Et HAMED, Hazem H. Discovery of Policy
Anomalies In Distributed Firewalls. in : INFOCOM 2004. TwentyThird Annualjoint Conference Of The IEEE Computer and
Communications Societies. IEEE, 2004. P. 2605-2616.
[10] AL-SHAER, Ehab, HAMED, Hazem, BOUTABA, Raouf, et al.
Conflict classification and analysis of distributed firewall policies.
IEEE journal on selected areas in communications, 2005, vol. 23, no
10, p. 2069-2084.
[11] Al-Shaer, E. Modeling and verification of firewall and ipsec policies
using binary decision diagrams. 2014 In Automated Firewall Analytics
(pp. 25-48). Springer, Cham.
[12] YUAN, Lihua, CHEN, Hao, MAI, Jianning, et al. Fireman: A toolkit
for firewall modeling and analysis. In : Security and Privacy, 2006
IEEE Symposium on. IEEE, 2006. p. 15 pp.-213.
[13] BRYANT, Randal E. et MEINEL, Christoph. Ordered binary decision
diagrams. In : Logic Synthesis and Verification. Springer US, 2002. p.
285-307.
[14] OLIVEIRA, Ricardo M., LEE, Sihyung, et KIM, Hyong S. Automatic
detection of firewall misconfigurations using firewall and network
routing policies. In : IEEE DSN Workshop on Proactive Failure
Avoidance, Recovery, and Maintenance (PFARM). 2009.
[15] FERRARESI, Simone, PESIC, Stefano, TRAZZA, Livia, et al.
Automatic conflict analysis and resolution of traffic filtering policy for
firewall and security gateway. In : Communications, 2007. ICC’07.
IEEE International Conference on. IEEE, 2007. p. 1304-1310.
[16] ALFARO, Joaquin Garcia, BOULAHIA-CUPPENS, Nora, et
CUPPENS, Frédéric. Complete analysis of configuration rules to
guarantee reliable network security policies. International Journal of
Information Security, 2008, vol. 7, no 2, p. 103-122.
[17] NELSON, Timothy, BARRATT, Christopher, DOUGHERTY, Daniel
J., et al. The Margrave Tool for Firewall Analysis. In : LISA. 2010. p.
1-18.
[18] BASILE, Cataldo, CAPPADONIA, Alberto, et LIOY, Antonio.
Network-level access control policy analysis and transformation.
IEEE/ACM Transactions on Networking (TON), 2012, vol. 20, no 4,
p. 985-998.
[19] HU, Hongxin, AHN, Gail-Joon, et KULKARNI, Ketan. Detecting and
resolving firewall policy anomalies. IEEE Transactions on dependable
and secure computing, 2012, vol. 9, no 3, p. 318-331.
[20] GAWANMEH, Amjad. Automatic verification of security policies in
firewalls with dynamic rule sequence. In : Information Technology:
New Generations (ITNG), 2014 11th International Conference on.
IEEE, 2014. p. 279-284.
[21] Hu, H., Han, W., Ahn, G. J., & Zhao, Z. FLOWGUARD: building
robust firewalls for software-defined networks, 2014 In Proceedings of
the third workshop on Hot topics in software defined networking (pp.
97-102). ACM.
[22] Bouhoula, A., & Yazidi, A. A security policy query engine for fully
automated resolution of anomalies in firewall configurations. In
Network Computing and Applications (NCA), 2016 IEEE 15th
International Symposium on (pp. 76-80). IEEE
[23] SAÂDAOUI, Amina, SOUAYEH, Nihel Ben Youssef Ben, et
BOUHOULA, Adel. FARE: FDD-based firewall anomalies resolution
tool. Journal of Computational Science, 2017, vol. 23, p. 181-191.
[24] FU, Zhi, WU, S. Felix, HUANG, He, et al. IPSec/VPN security policy:
Correctness, conflict detection, and resolution. In : Policies for
Distributed Systems and Networks. Springer, Berlin, Heidelberg, 2001.
p. 39-56.
[25] LI, Zhitang, CUI, Xue, et CHEN, Lin. Analysis and classification of
ipsec security policy conflicts. In : Frontier of Computer Science and
Technology, 2006. FCST’06. Japan-China Joint Workshop on. IEEE,
2006. p. 83-88.
[26] HAMED, Hazem et AL-SHAER, Ehab. Taxonomy of conflicts in
network security policies. IEEE Communications Magazine, 2006, vol.
44, no 3, p. 134-141.
[27] SUN, Hung-Min, CHANG, Shih-Ying, CHEN, Yao-Hsin, et al. The
design and implementation of IPSec conflict avoiding and recovering
system. In : TENCON 2007-2007 IEEE Region 10 Conference. IEEE,
2007. p. 1-4.
[28] NIKSEFAT, Salman et SABAEI, Masoud. Efficient algorithms for
dynamic detection and resolution of IPSec/VPN security policy
conflicts. In : Advanced Information Networking and Applications
(AINA), 2010 24th IEEE International Conference on. IEEE, 2010. p.
737-744.
[29] KHELF, Roumaissa et Ghoualmi, Nassira. Intra and inter policy
Conflicts Dynamic Detection Algorithm. In : Detection Systems
Architectures and Technologies (DAT), Seminar on. IEEE, 2017. p 1-6
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.
Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.
Computer science is a tough subject. Fortunately, our computer science experts are up to the match. No need to stress and have sleepless nights. Our academic writers will tackle all your computer science assignments and deliver them on time. Let us handle all your python, java, ruby, JavaScript, php , C+ assignments!
While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.
Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.
In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.
Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.
We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!
We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.
Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.
We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.
Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.
There is a very low likelihood that you won’t like the paper.
Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.
We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.
You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.
We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.
You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.
Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.
You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.
The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.
GET A PERFECT SCORE!!! 
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more