First Step Towards Automatic Correction of Firewall Policy Faults
In this paper, the authors make three major contributions. First, they propose the first comprehensive fault model for firewall policies including five types of faults. For each type of fault, they present an automatic correction technique. Second, they propose the first systematic approach that employs these five techniques to automatically correct all or part of the misclassified packets of a faulty firewall policy. Third, they conducted extensive experiments to evaluate the effectiveness of the approach. Experimental results show that the approach is effective to correct a faulty firewall policy with three of these types of faults.