http://dx.doi.org/10.13089/JKIISC.2020.30.6.1087

A Study to Hierarchical Visualization of Firewall Access Control Policies  

Kim, Tae-yong (Korea Institute of Science and Technology Information(KISTI))
Kwon, Tae-woong (Korea Institute of Science and Technology Information(KISTI))
Lee, Jun (Korea Institute of Science and Technology Information(KISTI))
Lee, Youn-su (Korea Institute of Science and Technology Information(KISTI))
Song, Jung-suk (Korea Institute of Science and Technology Information(KISTI))
Abstract
Various security devices are used to protect internal networks and valuable information from rapidly evolving cyber attacks. The firewall, the most commonly used security device, tries to prevent malicious attacks by allowing or blocking communication between inside and outside environments based on text-based filtering rules (i.e., access control policies). However, protecting a valuable internal network from large networks leaves no choice but to increase the number of access control policies. Moreover, text-based policies require considerable time and labor to analyze for various types of vulnerabilities in the firewall. To solve these problems, this paper proposes a 3D-based hierarchical visualization method for intuitive analysis and management of access control policies. In particular, by providing a drill-down user interface through a hierarchical architecture, it can support access policy analysis for not only comprehensive understanding of large-scale networks but also sophisticated investigation of anomalies. Finally, we implement the proposed system architecture to verify the practicality and validity of the hierarchical visualization methodology, and then attempt to identify its applicability to firewall data analysis in a real-world network environment.
Keywords
Firewall; Access Control List; Hierarchical Visualization; 3D Drill-Down User Interface; Policy Anomaly;