Optimization of Firewall
- Publisher: Journal of Engineering Computers & Applied Sciences
(issn: 2319-5606, eissn: 2319-5606)
Computer Sciences | Firewall optimization, ACL optimization, ACL partitioning.
arxiv: Computer Science::Cryptography and Security | Computer Science::Networking and Internet Architecture
This paper presents a general framework for rule-based firewall optimization. We give a precise formulation of firewall optimization as an integer programming problem and show that our framework produces optimal reordered rule sets that are semantically equivalent to the original rule set. Our framework considers the complex interactions among the rules in firewall configurations and relies on a novel partitioning of the packet space defined by the rules themselves. For validation, we employ this framework on real firewall rule sets for a quantitative evaluation of existing heuristic approaches.