Algorithms for Analysing Firewall and Router Access Lists
Scott Hazelhurst

TL;DR
This paper introduces a new algorithm that uses ordered binary decision diagrams (BDDs) to efficiently represent and analyze firewall and router access lists, improving rule management and validation.
Contribution
The paper presents a novel algorithm for representing access lists as BDDs and demonstrates how this approach can be used to analyze rule sets effectively.
Findings
BDD representation reduces rule set complexity
Analysis improves rule validation efficiency
Method scales with larger rule lists
Abstract
Network firewalls and routers use a rule database to decide which packets will be allowed from one network onto another. By filtering packets the firewalls and routers can improve security and performance. However, as the size of the rule list increases, it becomes difficult to maintain and validate the rules, and lookup latency may increase significantly. Ordered binary decision diagrams (BDDs) - a compact method of representing and manipulating boolean expressions - are a potential method of representing the rules. This paper presents a new algorithm for representing such lists as a BDD and then shows how the resulting boolean expression can be used to analyse rule sets.
Taxonomy
Topics: Formal Methods in Verification · Network Packet Processing and Optimization · Software Testing and Debugging Techniques
