Would you intentionally make your firewall leak packets that are supposed to be blocked? This paper presents an interesting argument for when this might be desired.
When your firewall is hosted in a public cloud, the cloud service provider (CSP) has access to your firewall configuration. Is that a problem? The argument is that even if you trust the CSP as an organization, individual CSP staff members could have malicious intentions, and knowing your firewall configuration would make it easy for them to launch a targeted attack.
Earlier work had already proposed a mechanism to hide the firewall configuration from the CSP by encoding the firewall decision diagram as a Bloom filter firewall decision diagram (BFFDD), so that the CSP holds only a hashed representation (hash functions and bit arrays) rather than the rules themselves; this is the Ladon framework. However, even though the CSP now sees only the hashed representation and not the original configuration, it could still reverse-engineer the firewall by observing which packets enter the firewall and which leave it.
This paper proposes to introduce deliberate uncertainty into the BFFDD decisions, making reconstruction of the original configuration infeasible: the public-cloud firewall intentionally lets a fraction of “bad” packets through, so an observer cannot treat the forwarding of a packet as proof that the hidden policy accepts it. Because bad packets are now mixed into the good traffic, the connection from the public cloud must be filtered again by a second, conventional firewall in the private cloud operated by the customer; this second firewall, and the private cloud behind it, receive only the fraction of the traffic that the public-cloud firewall lets through.
The paper shows through a detailed mathematical analysis that the rate at which “bad” packets are allowed through can be tuned to a chosen value, letting the company pick its own tradeoff between the extra load (on the network link and on the second firewall in the private cloud) and the privacy of the firewall configuration in the public cloud.
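To make that tradeoff concrete, here is an added simulation (my own illustration, not code from the paper or from the Ladon framework) that reduces the BFFDD to a single Bloom filter over the set of accepted flows, sizes it for a chosen false-positive rate, and then measures three things: how many denied packets leak to the private-cloud firewall, what fraction of the total traffic that second firewall has to process, and how confident an observer can be that a forwarded packet was really allowed by the hidden policy. The 5-tuple flows, the traffic mix and the standard Bloom-filter sizing formulas are assumptions chosen for illustration; the paper's construction works on the decision diagram itself and its analysis is more general.

```python
import hashlib
import math
import random


class BloomFilter:
    """Plain Bloom filter: an m-bit array probed by k SHA-256-derived hashes.
    Lookups never give false negatives; the false-positive rate is set by
    sizing m and k for the expected number of inserted items."""

    def __init__(self, n_items: int, fp_rate: float) -> None:
        # Standard sizing formulas for a target false-positive rate (assumption:
        # the paper tunes its leak rate differently, on the decision diagram).
        self.m = max(8, math.ceil(-n_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / n_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}|{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))


def random_flow(rng: random.Random) -> str:
    """Constructed 5-tuple string; this is the key both firewalls match on."""
    src = f"10.{rng.randrange(256)}.{rng.randrange(256)}.{rng.randrange(1, 255)}"
    dst = f"192.168.{rng.randrange(256)}.{rng.randrange(1, 255)}"
    dport = rng.choice([22, 80, 443, 3389])
    return f"{src}:{rng.randrange(1024, 65536)}->{dst}:{dport}/tcp"


def simulate(fp_rate: float, n_allowed: int = 200, n_allowed_pkts: int = 2000,
             n_denied_pkts: int = 10000, seed: int = 0) -> dict:
    """Run a constructed traffic mix through a leaky cloud filter and an exact
    private filter; return the load/privacy figures for this fp_rate."""
    rng = random.Random(seed)
    allowed = set()
    while len(allowed) < n_allowed:          # the hidden accept policy
        allowed.add(random_flow(rng))
    allowed_list = sorted(allowed)           # sorted: set order is not stable across runs

    # Public-cloud filter: Bloom filter over accepted flows, tuned to let
    # roughly fp_rate of the denied traffic through on purpose.
    cloud = BloomFilter(n_allowed, fp_rate)
    for flow in allowed:
        cloud.add(flow)
    # Private-cloud filter: exact copy of the policy, sees only what cloud passed.
    private = allowed

    allowed_pkts = [rng.choice(allowed_list) for _ in range(n_allowed_pkts)]
    denied_pkts = []
    while len(denied_pkts) < n_denied_pkts:
        flow = random_flow(rng)
        if flow not in allowed:
            denied_pkts.append(flow)

    good_through = sum(1 for f in allowed_pkts if f in cloud)
    leaked = [f for f in denied_pkts if f in cloud]
    total = n_allowed_pkts + n_denied_pkts
    return {
        # fraction of "bad" packets the cloud firewall forwarded (the tunable knob)
        "leak_rate": len(leaked) / n_denied_pkts,
        # share of all traffic that reaches the link and the private firewall
        "downstream_fraction": (good_through + len(leaked)) / total,
        # Bloom filters never drop an accepted flow
        "cloud_false_negatives": n_allowed_pkts - good_through,
        # the exact private filter must stop every leaked packet
        "private_leaks": sum(1 for f in leaked if f in private),
        # P(policy accepts | observer saw the packet forwarded)
        "observer_confidence": good_through / (good_through + len(leaked)),
    }


if __name__ == "__main__":
    for fp in (0.01, 0.05, 0.20):
        r = simulate(fp)
        print(f"fp={fp:.2f} leak={r['leak_rate']:.3f} "
              f"downstream={r['downstream_fraction']:.3f} "
              f"observer_confidence={r['observer_confidence']:.3f}")
```

Raising the target false-positive rate moves both numbers in the expected directions: more denied traffic crosses the link and lands on the private firewall, while an observer's confidence that a forwarded packet was genuinely accepted drops toward the share of good traffic in the mix. The two deterministic checks, zero false negatives at the cloud filter and zero leaks past the exact private filter, are the properties that make the scheme safe to deploy at all.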
The paper also provides a good background on the issues surrounding operations of firewalls in public clouds. I recommend it to researchers and practitioners active in this area.