Diverse Firewall Design. Alex X. Liu The University of Texas at Austin, U.S.A. July 1, 2004 Co-author: Mohamed G. Gouda. Firewall. It is a sequence of rules to decide to accept or discard any packet. Example: packet(F1, F2). Firewall Design is error-prone.
Diverse Firewall Design
Alex X. Liu, The University of Texas at Austin, U.S.A.
July 1, 2004
Co-author: Mohamed G. Gouda

Firewall
• It is a sequence of rules to decide to accept or discard any packet.
• Example: packet(F1, F2)
• Firewall Design is error-prone.

How to reduce firewall design errors?
• Solution: Diverse Firewall Design
• Motivated by N-version programming (Avizienis 1977) and back-to-back testing (Vouk 1988)
• Differs from N-version programming: only one version deployed
• Differs from back-to-back testing: all discrepancies discovered

Diverse Firewall Design
• Design phase: Same specification given to multiple teams to design firewalls
• Comparison phase: Compare multiple firewalls to discover all discrepancies

How to compare two firewalls?
• Step 1: construct an equivalent ordered FDD for each firewall
• Step 2: make two ordered FDDs semi-isomorphic
• Step 3: compare two semi-isomorphic FDDs for discrepancies

Firewall Decision Diagram (FDD)
• Consistency: labels of any two siblings are non-overlapping
• Completeness: union of labels of all siblings is the domain of the field
[Figure: example FDD with root node F1, two F2 nodes, and terminal nodes labelled a and d]

Step 1
• Construct an equivalent ordered FDD for each firewall
• (An FDD is ordered if the labels along every path in the FDD are consistent with the same total order.)

Applying Step 1
[Figure: four panels, (1) to (4), of FDDs over F1 and F2 with terminal nodes labelled a and d]

Step 2
• Make two ordered FDDs semi-isomorphic
• Semi-isomorphic FDDs: exactly same except labels of terminal nodes
• Example: make these FDDs semi-isomorphic
[Figure: two ordered FDDs over F1 and F2 with terminal nodes labelled a and d]

Applying Step 2:
[Figure: the two FDDs over F1 and F2 before and after Step 2 is applied]

Results of Step 2
[Figure: the two resulting FDDs, each with F1 edges [1,30], [31,50] and [51,100] and terminal nodes labelled a and d]

Step 3:
• Compare two semi-isomorphic FDDs for discrepancies

Applying Step 3:
[Figure: the two semi-isomorphic FDDs over F1 and F2 compared at their terminal nodes]
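
The comparison phase of Steps 1 to 3, as an added Python example that is not from the original slides or the authors' Java implementation. It does not build FDDs: it splits each field at every rule boundary of both firewalls, which lines the intervals up as Step 2 does for edge labels, and then compares decisions cell by cell as in Step 3. The two rule lists, the domain [1,100] and first-match rule semantics are assumptions constructed for illustration.

```python
from itertools import product

DOMAIN = (1, 100)  # assumed domain of every field

# Constructed sample firewalls. A rule is (per-field intervals, decision);
# the first matching rule wins (assumed semantics). "a" = accept, "d" = discard.
FIREWALL_A = [
    (((1, 30), (1, 20)), "a"),
    (((1, 30), (1, 100)), "d"),
    (((31, 100), (1, 40)), "a"),
    (((1, 100), (1, 100)), "d"),
]
FIREWALL_B = [
    (((51, 100), (1, 100)), "d"),
    (((1, 100), (1, 60)), "a"),
    (((1, 100), (1, 100)), "d"),
]

def cells(firewalls, field):
    """Split one field's domain at every rule boundary of all firewalls."""
    cuts = {DOMAIN[0], DOMAIN[1] + 1}
    for fw in firewalls:
        for intervals, _ in fw:
            lo, hi = intervals[field]
            cuts.update((lo, hi + 1))
    cuts = sorted(cuts)
    return [(a, b - 1) for a, b in zip(cuts, cuts[1:])]

def decide(fw, packet):
    """Return the decision of the first rule that matches the packet."""
    for intervals, decision in fw:
        if all(lo <= v <= hi for v, (lo, hi) in zip(packet, intervals)):
            return decision
    raise ValueError("firewall is not complete: no rule matches %r" % (packet,))

def discrepancies(fw_a, fw_b, n_fields=2):
    """List every cell (one interval per field) where the decisions differ."""
    per_field = [cells((fw_a, fw_b), f) for f in range(n_fields)]
    out = []
    for cell in product(*per_field):
        rep = tuple(lo for lo, _ in cell)  # all packets in a cell behave alike
        da, db = decide(fw_a, rep), decide(fw_b, rep)
        if da != db:
            out.append((cell, da, db))
    return out

if __name__ == "__main__":
    for cell, da, db in discrepancies(FIREWALL_A, FIREWALL_B):
        print(cell, "A:", da, "B:", db)
```

Each reported cell is a block of packets the two designs treat differently, which the design teams then resolve against the specification.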

Example
• 1. Design A of firewall:
• 2. Design B of firewall:
• 3. Comparison:
[Figure: FDD over F1 and F2 with terminal nodes labelled a and d]

Experimental Results
• Three algorithms implemented in Java JDK 1.4
• Experiments carried out on SunBlade 2000 (OS: Solaris 9, CPU: 1 GHz, memory: 1 GB)

Conclusions
• Three contributions:
  • Propose diverse firewall design method
  • Present a suite of algorithms to enable diverse firewall design
    • FDD Construction Algorithm
    • FDD Shaping Algorithm
    • FDD Comparison Algorithm
  • FDD construction algorithm can be used to convert a conflict-infested firewall to a conflict-free firewall