The main purpose of this project is to generate a repository of security policies (especially firewall policies) for use in
configuration testing and analysis.
Access-control lists are an essential part of the security framework of any system.
Researchers frequently need a repository of ready-made policies for conducting
research and development. Such policies, especially the firewall policies that are the focus
of our work, are needed for performance testing as well as configuration analysis.
In this paper we introduce two techniques for performing this task.
Two main techniques are developed:
Syntactic Generation:
The first approach learns policy parameters from a set of given policies. It generates policies that conform to
natural policy-writing practices while following the grammar syntax required by the security
device. A probabilistic learning approach is used to infer the transition probabilities of the
policy grammar.
Traffic-aware Generation:
The second technique uses large traffic trace repositories to generate
traffic-driven policies. An online clustering mechanism is developed to infer rule structures
from the traffic, so that the generated policies are relevant to the environment they came from.
Generation parameters:
ClusterDensity: Clustering parameter controlling the number of packets combined to form one policy rule.
SplitMethod: X to split clusters that exceed the distance threshold; M to split clusters that exceed the density threshold.
MaxPackets: Number of packets from the trace to use in the policy generation.
Generic Output description
Each output file includes a set of generated policies, each produced with different generation parameters:
- Number of rules
- Rule density (number of packets matching the rule)
- Distance between samples
Each rule is defined by a protocol, IP ranges and port ranges.
After each rule set, some properties of the generated policy are provided.
The samples below contain multiple policies, varying according to the free parameters.
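As an added illustration (not code from this project), the traffic-aware generation described above reduced to a small online clustering in Python: each packet joins the nearest open cluster of its protocol, SplitMethod X splits on a distance threshold and M on the ClusterDensity threshold, MaxPackets bounds the input, and every cluster becomes a rule with protocol, IP ranges, port range and density. The range-growth distance metric, the constructed sample packets and the default threshold of 1000 are assumptions, not the project's.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample traffic as (protocol, src_ip, dst_ip, dst_port); not a real trace.
SAMPLE_PACKETS = [
    ("tcp", "10.0.1.5", "192.168.1.10", 443), ("tcp", "10.0.1.9", "192.168.1.10", 443),
    ("tcp", "10.0.1.7", "192.168.1.11", 443), ("udp", "10.0.2.3", "192.168.1.53", 53),
    ("udp", "10.0.2.4", "192.168.1.53", 53), ("tcp", "10.0.1.20", "192.168.1.10", 8443),
    ("tcp", "10.0.1.21", "192.168.1.10", 8443),
]

@dataclass
class Cluster:
    proto: str
    src: list         # [lo, hi] as integer IPv4 addresses
    dst: list
    port: list
    density: int = 1  # number of packets the rule matches

    def distance(self, s, d, p):
        # How far the three ranges must grow to cover the packet (0 if already covered).
        grow = lambda lo, hi, v: max(0, lo - v) + max(0, v - hi)
        return grow(*self.src, s) + grow(*self.dst, d) + grow(*self.port, p)
    def absorb(self, s, d, p):
        for rng, v in ((self.src, s), (self.dst, d), (self.port, p)):
            rng[0], rng[1] = min(rng[0], v), max(rng[1], v)
        self.density += 1

def generate_policy(packets, cluster_density=3, split_method="M",
                    max_packets=None, dist_threshold=1000):
    """Online clustering: a packet joins the nearest open cluster of its protocol or opens a new
    one. 'X' splits when that cluster is farther than dist_threshold; 'M' closes it at cluster_density."""
    clusters, open_clusters = [], []
    for proto, s, d, p in packets[:max_packets]:
        s, d = int(ipaddress.ip_address(s)), int(ipaddress.ip_address(d))
        nearest = min((c for c in open_clusters if c.proto == proto),
                      key=lambda c: c.distance(s, d, p), default=None)
        if nearest is None or (split_method == "X" and nearest.distance(s, d, p) > dist_threshold):
            nearest = Cluster(proto, [s, s], [d, d], [p, p])
            clusters.append(nearest); open_clusters.append(nearest)
        else:
            nearest.absorb(s, d, p)
        if split_method == "M" and nearest.density >= cluster_density:
            open_clusters.remove(nearest)  # rule is full; later packets start a new one
    return clusters

def rule_text(c):
    ip = lambda n: str(ipaddress.ip_address(n))
    return (f"{c.proto} {ip(c.src[0])}-{ip(c.src[1])} -> {ip(c.dst[0])}-{ip(c.dst[1])}"
            f" port {c.port[0]}-{c.port[1]} (density {c.density})")
```

Calling `generate_policy(SAMPLE_PACKETS)` with the defaults yields three rules; raising `dist_threshold` under method X merges the two TCP rules into one wide port range, which is the trade-off between rule count and rule density the output properties report.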