Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Measuring the Usability of Firewall Rule Sets
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0001-9203-0773
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0002-9980-3473
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0003-0778-4736
2020 (English)In: IEEE Access, E-ISSN 2169-3536, p. 27106-27121Article in journal (Refereed) Published
Abstract [en]

Firewalls are computer systems that assess the network traffic using an ideally coherentand manageable set of rules. This study aims to provide means to measure the usability of firewall rulesets in terms of how easily IT professionals can understand and manage them. First, we conductedsemi-structured interviews with system administrators wherein we obtained the usability challenges relatedto the management of firewall rule sets. This was followed by the analysis of related work. The interviewresults were combined with the findings from the related work. Accordingly, we acquired four usabilityattributes related to the manageability of firewalls; these were formally defined. We tested and measured thecognitive aspects related to the structure and ordering of the rules through a user study. A third user studywith system administrators validated our metrics. It exhibited a very strong correlation between the metricsand how the administrators characterized usability.

Place, publisher, year, edition, pages
IEEE, 2020. p. 27106-27121
Keywords [en]
Firewall rule set, iptables, formalization, metrics, usability, user study
National Category
Human Computer Interaction
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-64702DOI: 10.1109/ACCESS.2020.2971093OAI: oai:DiVA.org:kau-64702DiVA, id: diva2:1150037
Projects
HITS, 4707
Note

Artikeln publicerad som manuskript i Voronkovs lic.uppsats.

Available from: 2017-10-17 Created: 2017-10-17 Last updated: 2020-02-27Bibliographically approved
In thesis
1. Usable Firewall Rule Sets
Open this publication in new window or tab >>Usable Firewall Rule Sets
2017 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use.

The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified.

Abstract [en]

Network security is an important aspect that must be taken into account. Firewalls are systems that are used to make sure that authorized network traffic is allowed and unauthorized traffic is prohibited. However, setting up a firewall correctly is a challenging task. Their configuration files might be hard to understand even for system administrators.

The overall aim of this thesis is to identify firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conduct a series of interviews with system administrators. In the interviews, system administrators are asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we conduct a systematic literature review to get an understanding on the state of the art of the field. This review classifies available solutions and identifies open challenges. To achieve the second part of the objective, a set of usability metrics is proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability is identified.

Place, publisher, year, edition, pages
Karlstads universitet, 2017. p. 11
Series
Karlstad University Studies, ISSN 1403-8099 ; 2017:40
Keywords
Network Security, Usable Security, Firewall Configuration, Systematic Literature Review, Usability Metrics, User Studies
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-64703 (URN)978-91-7063-817-6 (ISBN)978-91-7063-912-8 (ISBN)
Presentation
2017-11-27, 9C 204, Rejmersalen, Karlstad, 13:15 (English)
Opponent
Supervisors
Projects
HITS, 4707
Funder
Knowledge Foundation
Note

Artikel 3 i lic.uppsatsen som manuskript. Nu publicerat.

Available from: 2017-11-08 Created: 2017-10-17 Last updated: 2020-02-20Bibliographically approved
2. Usability of Firewall Configuration: Making the Life of System Administrators Easier
Open this publication in new window or tab >>Usability of Firewall Configuration: Making the Life of System Administrators Easier
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Firewalls are an important component of network security that serve to protect networks by regulating incoming and outgoing traffic. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals who deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found or the existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. We explore three different aspects of firewall configuration: 1) the syntax of rules, 2) the organization of rules in a rule set, and 3) the way rule sets are presented to a user. Using this acquired knowledge, we offer system administrators more usable firewall solutions and approaches to the configuration process that can help facilitate their daily work.

Abstract [en]

Most companies have access to the Internet and their corporate networks connected to it. Many threats to computer systems, e.g. worms, trojans, and denial-of-service attacks, can be encountered online and they may entail, for example, confidential data theft, service disruption and financial losses. Every organization, regardless of its size, type of activity or infrastructure, requires network security solutions in place in order to protect it from the ever-increasing number of cyber threats. Firewalls are an important component of network security that protect networks by regulating incoming and outgoing traffic.

Simply having a firewall does not guarantee any protection against Internet threats, unless it is properly configured. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals that deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found, or when existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.

The overall aim of this thesis is to help system administrators better manage firewalls. First, we conduct a series of semi-structured interviews with system administrators, in which we ask them about problems confronted when managing firewalls. After having ascertained that there are usability problems involved, we begin to address them. We compare two different firewall rule set representation approaches and identify that a preference for one or the other depends on the firewall expertise of the individual. We introduce and mathematically formalize a set of four usability metrics which are designed to evaluate the quality of firewall rule sets. Furthermore, we not only investigate which firewall interfaces are utilized and preferred by system administrators but also identify and classify the interfaces' strengths and limitations. Finally, we conduct a systematic literature review to gain an understanding of the state of the art in firewall usability. This review classifies the available solutions and identifies the open challenges that exist in the field.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 17
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:15
Keywords
network security, usable security, firewall configuration, firewall interfaces, usability metrics
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77106 (URN)978-91-7867-098-7 (ISBN)978-91-7867-108-3 (ISBN)
Public defence
2020-04-03, 1B306, Fryxellsalen, 10:15 (English)
Opponent
Supervisors
Funder
Knowledge Foundation
Available from: 2020-03-13 Created: 2020-02-27 Last updated: 2020-03-13Bibliographically approved

Open Access in DiVA

fulltext(1193 kB)27 downloads
File information
File name FULLTEXT01.pdfFile size 1193 kBChecksum SHA-512
8a2acd64fa1799c6d2a7aed606456f72d0c27437ef45b03f06fa5e73d4517cbdb2e53a72c9c83cea254b9c64c910800985f86dfadc4c56e331b08f0a7c767eea
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Authority records BETA

Voronkov, ArtemMartucci, LeonardoLindskog, Stefan

Search in DiVA

By author/editor
Voronkov, ArtemMartucci, LeonardoLindskog, Stefan
By organisation
Department of Mathematics and Computer Science (from 2013)
In the same journal
IEEE Access
Human Computer Interaction

Search outside of DiVA

GoogleGoogle Scholar
Total: 27 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 260 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf