Fireblade: Enhancing Firewall Validation With Binary Logic Analysis and Decision Engines

Abstract

This thesis introduces FireBLADE, a novel software tool designed to address the persistent issue of firewall misconfigurations in enterprise networks, a problem highlighted by a 2004 study that found every examined firewall vulnerable to cyberattacks. FireBLADE analyzes packet traces processed by firewalls using Binary Decision Diagrams (BDDs) to store and query prior firewall actions (permit or deny) on individual packets, facilitating firewall rule validation. The research evaluates the potential of using packet traces captured at enterprise border network routers to build compressed BDDs that approximate low-level firewall configuration rules. The approach uses the PyEDA library to transform packet data into BDDs, and assesses scalability and practicality on high-performance computing resources. Key findings include the development of FireBLADE, which automates BDD generation and querying, and a unique testing framework for big data analysis. Despite challenges, the research advances packet action prediction and firewall rule approximation in black-box environments through BDDs. A notable result of this work is the design of three prediction models, one of which averages a 93 percent F1 score. Overall, the thesis contributes innovative methods and insights into firewall validation, enabling future exploration of rule validation and approximation with historical packet data. Future work includes BDD short-circuiting, optimization with bit-to-value encoding, and BDD intersection analysis.
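As an added illustration (not code from the thesis or from FireBLADE, which relies on PyEDA), the following hand-written Python builds a minimal reduced ordered BDD from a constructed packet trace, records which (source IP, destination port) pairs the firewall permitted, and then answers a lookup for an arbitrary packet by walking the diagram. The 48-bit packet encoding, the sample trace and every function name here are assumptions of this example, not the thesis's own design.

```python
import ipaddress
NBITS = 48            # 32 source-IP bits followed by 16 destination-port bits
NODES = [None, None]  # id 0 = FALSE, id 1 = TRUE; others hold (var, low, high)
UNIQUE = {}           # (var, low, high) -> node id, so equal subgraphs are shared
OR_MEMO = {}          # memo table for bdd_or

def mk(var, low, high):  # node for "if var then high else low", reduced
    if low == high:      # redundant test: skip this variable entirely
        return low
    key = (var, low, high)
    if key not in UNIQUE:
        UNIQUE[key] = len(NODES)
        NODES.append(key)
    return UNIQUE[key]
def bdd_or(f, g):  # Bryant's apply() specialised to OR, recursing on the top variable
    if f == 1 or g == 1:
        return 1
    if f == 0 or g == 0 or f == g:
        return f or g
    if (f, g) not in OR_MEMO:
        top = min(NODES[f][0], NODES[g][0])
        flo, fhi = NODES[f][1:] if NODES[f][0] == top else (f, f)
        glo, ghi = NODES[g][1:] if NODES[g][0] == top else (g, g)
        OR_MEMO[(f, g)] = mk(top, bdd_or(flo, glo), bdd_or(fhi, ghi))
    return OR_MEMO[(f, g)]
def packet_bits(src_ip, dst_port):  # 48 bits, most significant first
    value = (int(ipaddress.IPv4Address(src_ip)) << 16) | dst_port
    return tuple((value >> (NBITS - 1 - i)) & 1 for i in range(NBITS))
def minterm(bits):  # BDD that is true for exactly this one packet
    node = 1
    for var in range(NBITS - 1, -1, -1):  # bottom-up, so var 0 becomes the root
        node = mk(var, 0, node) if bits[var] else mk(var, node, 0)
    return node
def build_permit_bdd(trace):  # OR together every packet the firewall permitted
    f = 0
    for src, port, action in trace:
        if action == "permit":
            f = bdd_or(f, minterm(packet_bits(src, port)))
    return f
def lookup(bdd, src_ip, dst_port):  # True if a permit was recorded for this packet
    bits, node = packet_bits(src_ip, dst_port), bdd
    while node > 1:
        var, low, high = NODES[node]
        node = high if bits[var] else low
    return node == 1
# Constructed sample trace (not from the thesis): (source IP, dst port, action)
TRACE = [("10.0.0.5", 443, "permit"), ("10.0.0.5", 80, "permit"),
         ("10.0.0.6", 443, "permit"), ("192.0.2.9", 22, "deny")]
PERMIT = build_permit_bdd(TRACE)
```

Because nodes are hash-consed, two packets that share a port suffix share the lower part of the diagram, which is the compression effect the abstract refers to; a packet never seen in the trace (or seen only as a deny) falls through to the FALSE terminal.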


Document Details

Document Type: Technical Report
Publication Date: Dec 01, 2023
Accession Number: AD1224997

Entities

People

  • Amon J. Georgewill

Organizations

  • Naval Postgraduate School

Tags

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Mathematical Modeling and Probability Theory