Towards quantification of firewall policy complexity
Conference proceeding

Haining Chen, Omar Chowdhury, Jing Chen, Ninghui Li and Robert Proctor
Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, Vol.21-22-, pp.1-2
HotSoS '15
04/21/2015
DOI: 10.1145/2746194.2746212

Abstract

Developing metrics for quantifying the security and usability aspects of a system has been of constant interest to the cybersecurity research community. Such metrics have the potential to provide valuable insight on security and usability of a system and to aid in the design, development, testing, and maintenance of the system. Working towards the overarching goal of such metric development, in this work we lay down the groundwork for developing metrics for quantifying the complexity of firewall policies. We are particularly interested in capturing the human-perceived complexity of firewall policies. To this end, we propose a potential workflow that researchers can follow to develop empirically-validated, objective metrics for measuring the complexity of firewall policies. We also propose three hypotheses that capture salient properties of a firewall policy which constitute the complexity of a policy for a human user. We identify two categories of human-perceived policy complexity (i.e., syntactic complexity and semantic complexity), and for each of them propose potential complexity metrics for firewall policies that exploit two of the hypotheses we suggest. The current work can be viewed as a stepping stone for future research on development of such policy complexity metrics.
firewall policies policy complexity metrics
