Safe and Efficient Strategies for Updating Firewall Policies
Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify configure and safely deploy a target policy. Much research has already addressed policy specification, conflict detection, and optimization but very little research is devoted to firewall policy deployment. Only recently, some researchers have proposed deployment strategies for two important classes of policy editing languages. This paper shows that these strategies have serious flaws leading to security breaches.