@inproceedings{879afc26f57649788b861d8492bce6dc,
title = "A Space-Efficient Approach to Consistency Check of Firewall Rules",
abstract = "Firewalls have been widely used in organizations to implement access control policies. However complicated management of firewall rule set has caused overheads and reduced the responsiveness of organizations. In this paper, we propose a solution for firewall rule management with a special aim at consistency check of firewall rules. We use Bloom filters, a space-efficient solution for membership checking with bounded false positive rate. To reduce inconsistencies, a membership check is performed each time before a firewall rule is inserted into the rule set. A revised Bloom filter is proposed to support set operations due to the wide use of range of IP addresses and port numbers in firewall rules. This efficient approach provides quick inconsistency/overlap check of firewall rules, and can alleviate management overheads for organizations that adopt firewalls.",
keywords = "Bloom filter, Computer security, Firewall, Rule set",
author = "Wei Li",
year = "2009",
language = "American English",
isbn = "9781615676668",
series = "22nd International Conference on Computer Applications in Industry and Engineering 2009, CAINE 2009",
pages = "19--24",
booktitle = "22nd International Conference on Computer Applications in Industry and Engineering 2009, CAINE 2009",
note = "22nd International Conference on Computer Applications in Industry and Engineering 2009, CAINE 2009 ; Conference date: 04-11-2009 Through 06-11-2009",
}