Skip to Main Content
Firewalls and Security Gateways are core elements in network security infrastructure. As networks and services become more complex, managing access-list rules becomes an error-prone task. Conflicts in a policy can cause holes in security, and can often be hard to find while performing only visual or manual inspection. First, we have defined a methodology to systematically classify the severity of rule conflicts; secondly, we have proposed two different solutions to automatically resolve conflicts in a firewall. For one of them we found an algebraic proof of the existence of the solution and the convergence of the algorithm, and then we have made a software implementation to test it.