Applying static code analysis to firewall policies for the purpose of   anomaly detection

Vadim Zaliva

arXiv:1102.1237·cs.PL·February 8, 2011

Applying static code analysis to firewall policies for the purpose of anomaly detection

Vadim Zaliva

PDF

TL;DR

This paper applies static code analysis techniques to firewall policies by abstracting them into an intermediate language, enabling anomaly detection through control flow analysis and implementation in Datalog.

Contribution

It introduces an intermediate firewall policy language emphasizing control flow, and demonstrates static code analysis for anomaly detection in firewall policies.

Findings

01

Analysis of control flow instructions in firewall languages

02

Development of an intermediate policy language

03

Implementation of static analysis using Datalog

Abstract

Treating modern firewall policy languages as imperative, special purpose programming languages, in this article we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this work are: 1. An analysis of various control flow instructions in popular firewall policy languages 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. 3. Application of \textit{Static Code Analysis} to detect anomalies in firewall policy, expressed in intermediate firewall policy language. 4. Sample implementation of \textit{Static Code Analysis} of firewall policies, expressed in our abstract language using Datalog language.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.