|
Title:
|
A REAL TIME ALGORITHM FOR FIREWALL ACL INCONSISTENCY DETECTION IN AD HOC NETWORKS |
|
Author(s):
|
S. Pozo , R. Ceballos , R. M. Gasca |
|
ISBN:
|
978-972-8924-56-0 |
|
Editors:
|
Nuno Guimarães and Pedro Isaías |
|
Year:
|
2008 |
|
Edition:
|
Single |
|
Keywords:
|
Ad hoc network, firewall, filtering, consistency, conflict, algorithm |
|
Type:
|
Full Paper |
|
First Page:
|
117 |
|
Last Page:
|
124 |
|
Language:
|
English |
|
Cover:
|
|
|
Full Contents:
|
click to dowload 
|
|
Paper Abstract:
|
Filtering is a very important issue in next generation networks. These networks consist of a relatively high number of
resource constrained devices and frequent topology updates. The simplest example scenario takes place when a node
enters or leaves a network, where access control policy of all nodes of the network must be modified. In this update rules
may be added, removed or modified from their rule sets. Filtering in next generation networks suffer from new problems
but also maintain the old ones: rule set consistency, compactness, and performance of the filtering algorithm. In this
paper we analyze the consistency problem in firewall rule sets when rules are inserted, removed or modified. We show
that inconsistencies can only be caused by rule insertions. As node resources in next generation networks are very scarce,
we propose a very fast real time rule order independent inconsistency detection algorithm for firewall rule sets to prevent
rule insertions that can cause inconsistencies. Experimental results that validate our proposal are provided. To the best of
our knowledge, this is the first time a real time algorithm has been proposed to automatically address this problem. |
|
|
|
|
|
|
