
Privacy Preserving Firewall Optimization Over Cross Domains

J. Dhyaneshwaran, S. Saravanakumar, N. Selvaraj, S. Arulbalamurugan


Firewalls are the most widely deployed means on the Internet of securing private networks from unwanted intruders. The volume of traffic moving over the Internet, as well as over corporate networks, is expanding exponentially every day. As social dependence on such information systems continues to grow exponentially, a similar growth in threats is taking place concurrently. A firewall checks each incoming or outgoing packet and decides whether to accept or discard it based on its assigned policy. Optimizing these policies is a crucial step in enhancing the performance of the network. Existing work on firewall optimization focuses on either intrafirewall or interfirewall optimization within one administrative domain, where the privacy of firewall policies is not a concern; across domains, use with various network address translation (NAT) devices made it a problem. This project explores interfirewall optimization across administrative domains along with NAT devices for the first time. The key technical challenge is that firewall policies cannot be shared across domains, because a firewall policy contains confidential information and even potential security holes that attackers can exploit. Here, we propose the first cross-domain privacy-preserving cooperative firewall policy optimization protocol that works along with NAT devices. In particular, for any two adjacent firewalls belonging to two different administrative domains, our protocol can identify in each firewall the rules that can be removed because of the other firewall. The optimization process involves cooperative computation between the two firewalls, without either party disclosing its policy to the other.
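The kind of rule the abstract calls removable "because of the other firewall" can be shown on a toy pair of policies. This is an added example, not code from the paper: it computes the redundancy in the clear, with both policies visible to one party, which is exactly what the proposed protocol avoids, and it does not model NAT. The two-field rule format, the first-match semantics, the sample policies and all function names are assumptions made for illustration.

```python
from itertools import product

# Rule = (src_range, dport_range, action); ranges are inclusive (lo, hi).
# Both policies are constructed sample data over a toy two-field packet space.
FW1 = [  # upstream firewall, domain A
    ((0, 63), (0, 1023), "discard"),
    ((0, 255), (23, 23), "discard"),
    ((0, 255), (0, 65535), "accept"),
]
FW2 = [  # downstream firewall, domain B
    ((0, 31), (80, 80), "discard"),     # inside FW1 rule 0's discard region
    ((0, 255), (23, 23), "discard"),    # FW1 rules 0 and 1 already drop all of it
    ((0, 127), (443, 443), "discard"),  # src 64..127 passes FW1, so still needed
    ((0, 255), (0, 65535), "accept"),
]

def first_match(policy, pkt):
    """Index of the first rule matching pkt (first-match semantics), or None."""
    for i, (*fields, _action) in enumerate(policy):
        if all(lo <= v <= hi for (lo, hi), v in zip(fields, pkt)):
            return i
    return None

def cells(*policies):
    """One representative packet per region in which no rule boundary is crossed."""
    axes = []
    for dim in range(2):
        cuts = set()
        for policy in policies:
            for rule in policy:
                lo, hi = rule[dim]
                cuts.update((lo, hi + 1))
        axes.append(sorted(cuts)[:-1])  # last cut lies beyond every rule
    return product(*axes)

def removable_from_downstream(up, down):
    """Assumed criterion: a `down` rule is removable when every packet it is
    the first to match is already discarded by `up`."""
    dropped_upstream = {}  # down rule index -> one flag per cell it resolves
    for pkt in cells(up, down):
        j = first_match(down, pkt)
        if j is None:
            continue
        i = first_match(up, pkt)
        dropped_upstream.setdefault(j, []).append(
            i is not None and up[i][2] == "discard")
    return sorted(j for j, flags in dropped_upstream.items() if all(flags))
```

Calling `removable_from_downstream(FW1, FW2)` returns the indices of the FW2 rules that never see a packet they would be the first to match; swapping the arguments gives the result for the opposite traffic direction.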



This work is licensed under a Creative Commons Attribution 3.0 License.