Abstract
Firewalls are network security components designed to regulate incoming and outgoing traffic to protect computers and networks. The behavior of firewalls is dictated by its configuration file, which is a written sequence of rules expressed by a set of keys and parameters. In this paper, we investigate whether certain representations of firewall rule sets can affect understandability. To collect data for our investigation, we designed an online survey for an audience who are familiar with firewalls, in which we aimed to compare two different rule set representations: iptables and English. We collected data from 56 participants. Our results show that participants’ perception of a certain rule set representation depends on their firewall expertise. Participants with basic or intermediate knowledge of firewalls consider rule sets expressed in English to be 40% easier to understand, whereas advanced or expert firewall users deemed it to be 27% more difficult. We will discuss the reasons for these results and describe their possible implications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The survey is available at https://survey.cs.kau.se/rulesets_comparison/.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
References
Bodei, C., Degano, P., Galletta, L., Focardi, R., Tempesta, M., Veronese, L.: Language-independent synthesis of firewall policies. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 92–106. IEEE (2018)
Burkhart, B.: Subreddit gender ratios (2017). http://bburky.com/subredditgenderratios/
Connolly, J.H.: Context in the study of human languages and computer programming languages: a comparison. In: Akman, V., Bouquet, P., Thomason, R., Young, R. (eds.) CONTEXT 2001. LNCS, vol. 2116, pp. 116–128. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44607-9_9
Crosby, M.E., Scholtz, J., Wiedenbeck, S.: The roles beacons play in comprehension for novice and expert programmers. In: PPIG, p. 5 (2002)
Field, A.: Discovering Statistics Using IBM SPSS Statistics. Sage, Thousand Oaks (2013)
Meek, G.E., Ozgur, C., Dunning, K.: Comparison of the t vs. Wilcoxon signed-rank test for Likert scale data and small samples. J. Mod. Appl. Stat. Methods 6(1), 10 (2007)
Nanz, S., Torshizi, F., Pedroni, M., Meyer, B.: Design of an empirical study for comparing the usability of concurrent programming languages. Inf. Softw. Technol. 55(7), 1304–1315 (2013)
Pozo, S., Varela-Vaca, A., Gasca, R.: AFPL2, an abstract language for firewall ACLs with NAT support. In: 2009 Second International Conference on Dependability, pp. 52–59. IEEE (2009)
Rosenthal, R., Cooper, H., Hedges, L.: Parametric measures of effect size. Handb. Res. Synthesis 621, 231–244 (1994)
Sattelberg, W.: The demographics of reddit: who uses the site? (2018). https://www.techjunkie.com/demographics-reddit/
Svensk Författningssamling (SFS): Lag (2003:460) om etikprövning av forskning som avser människor [The Act concerning the Ethical Review of Research Involving Humans]. Utbildningsdepartementet, Stockholm, Sweden (2003)
Swedish Research Council (VR): Conducting ethical research (2018). https://www.vr.se/. Accessed 12 Dec 2019
Voronkov, A., Iwaya, L.H., Martucci, L.A., Lindskog, S.: Systematic literature review on usability of firewall configuration. ACM Comput. Surv. 50(6), 1–35 (2017). https://doi.org/10.1145/3130876
Voronkov, A., Martucci, L.A., Lindskog, S.: System administrators prefer command line interfaces, don’t they? An exploratory study of firewall interfaces. In: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019) (2019)
Voronkov, A., Martucci, L.A., Lindskog, S.: Measuring the usability of firewall rule sets. IEEE Access 8, 27106–27121 (2020). https://doi.org/10.1109/ACCESS.2020.2971093
Wiedenbeck, S., Ramalingam, V., Sarasamma, S., Corritore, C.L.: A comparison of the comprehension of object-oriented and procedural programs by novice programmers. Interact. Comput. 11(3), 255–282 (1999)
Wilcoxon, F.: Individual comparisons by ranking methods. Biometr. Bull. 1(6), 80–83 (1945). http://www.jstor.org/stable/3001968
Wong, T.: On the usability of firewall configuration. In: Symposium on Usable Privacy and Security (2008)
Wool, A.: Trends in firewall configuration errors: measuring the holes in swiss cheese. IEEE Internet Comput. 14(4), 58–65 (2010)
Zhang, B., Al-Shaer, E., Jagadeesan, R., Riely, J., Pitcher, C.: Specifications of a high-level conflict-free firewall policy language for multi-domain networks. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, pp. 185–194. ACM (2007)
Acknowledgments
We are very grateful to everyone who participated in our survey. We would also like to thank the moderators of the Sysadmin (r/sysadmin), Networking (r/networking), Netsec (r/netsec), Linux (r/linux) subreddits for allowing us to reach out to their community.
This work was supported by the Knowledge Foundation of Sweden HITS project and by the Swedish Foundation for Strategic Research SURPRISE project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Voronkov, A., Martucci, L.A. (2020). Natural vs. Technical Language Preference and Their Impact on Firewall Configuration. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_18
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)