Abdullah Al Farooq (Wentworth Institute of Technology), Tanvir Rahman Akash (Trine University), Manash Sarker (Patuakhali Science and Technology University)

Firewall rule misconfigurations is a very-well known challenge in network security management. It often leads to unintended access control behavior, storage misuse, unnecessary management overhead, and performance degradation. Existing approaches primarily rely on static rule analysis and are limited in their ability to explain how misconfigurations manifest during actual firewall execution. In this paper, we propose a provenance-based method for detecting firewall rule misconfigurations by reconstructing causal relationships between network traffic, firewall rules, and filtering decisions using firewall logs. Our methodology enables the systematic detection of well-acknowledged firewall misconfigurations, including shadowing, redundancy, generalization, specialization, and correlation. To ensure completeness and soundness, we formally specify the provenance model and prove key structural properties, including acyclicity, using the F* verification framework.

We evaluate our approach on an OPNsense firewall with some misconfigured rule sets and demonstrate that it detects all conflicts with negligible runtime and storage overhead. The results show that data provenance provides an effective and viable method for analyzing firewall misconfigurations.

View More Papers

ViGText: Deepfake Image Detection with Vision-Language Model Explanations and...

Ahmad ALBarqawi (New Jersey Institute of Technology, Newark, NJ, USA), Mahmoud Nazzal (Old Dominion University, Norfolk, VA, USA), Issa Khalil (Qatar Computing Research Institute (QCRI), HBKU, Doha, Qatar), Abdallah Khreishah (New Jersey Institute of Technology, Newark, NJ, USA), NhatHai Phan (New Jersey Institute of Technology, Newark, NJ, USA)

Read More

The Fragility of DNS-Based Security Under Imperfect DNS Operation

Tino Hager (Mailtower.app), Ronald Petrlic (Nuremberg Institute of Technology)

Read More

Non-Disruptive Disruption: An Empirical Experience of Introducing LLMs in...

Francis Hahn (University of South Florida), Mohd Mamoon (University of Kansas), Alexandru G. Bardas (University of Kansas), Michael Collins (University of Southern California – ISI), Jaclyn Lauren Dudek (University of Kansas), Daniel Lende (University of South Florida), Xinming Ou (University of South Florida), S. Raj Rajagopalan (Resideo Technologies)

Read More