Applying static code analysis to firewall policies for the purpose of anomaly detection

Zaliva, Vadim, author; Ray, Indrajit, 1966-, advisor; Turk, Daniel E., committee member; Ray, Indrakshi, committee member

Applying static code analysis to firewall policies for the purpose of anomaly detection

Files

2009_summer_Zaliva_COMS.pdf (2.01 MB)

Date

2009

Authors

Zaliva, Vadim, author

Ray, Indrajit, 1966-, advisor

Turk, Daniel E., committee member

Ray, Indrakshi, committee member

Abstract

Treating modern firewall policy languages as imperative, special purpose programming languages, in this thesis we will try to apply static code analysis techniques for the purpose of anomaly detection. We will first abstract a policy in common firewall policy language into an intermediate language, and then we will try to apply anomaly detection algorithms to it. The contributions made by this thesis are: 1. An analysis of various control flow instructions in popular firewall policy languages 2. Introduction of an intermediate firewall policy language, with emphasis on control flow constructs. 3. Application of Static Code Analysis to detect anomalies in firewall policy, expressed in intermediate firewall policy language. 4. Sample implementation of Static Code Analysis of firewall policies, expressed in our abstract language using Datalog language.

Description

Department Head: Bruce Austin Draper.

URI

http://hdl.handle.net/10217/28638

Collections

2000-2019
Theses and Dissertations

Full item page

Applying static code analysis to firewall policies for the purpose of anomaly detection

Files

Date

Authors

Journal Title

Journal ISSN

Volume Title

Abstract

Description

Rights Access

Subject

Citation

URI

Associated Publications

Collections