Firewalls in computer networks implement isolation and filter connections, and they are usually deployed as part of a defense-in-depth strategy. This established design is challenged by developments in network and service architectures. Both computing platforms and networks have become more complex with increased physical and logical distribution, layers of virtualization, and dynamic configurations. Many products claim to enforce isolation in such systems, but it is difficult to understand what they really achieve. We will develop methods and tools for analyzing internal firewall-like isolation policies in the modern service and network architectures. The main targets for the analysis are cloud applications with the microservice architecture, and isolation mechanisms for untrusted smart appliances in local networks. The outcome is testing methods and tools that make connectivity and isolation between the system components visible to a security analyst and to the software developer.

2022

2024