A Calculus for Distributed Firewall Specification and Verification
作者: Liviu Pene , Kamel Adi
DOI:
关键词:
摘要: This paper proposes a firewall specification calculus suited for expressing security policies implemented in distributed firewalls. Our syntax and semantics, inspired from the ambient calculus, allow of filtering rules both single configurations. We show how our can be used to address problem conflict detection approach facilitates analysis effect that network topologies have on policies.
acm.org 参考文章(17)
John P. Wack, Guidelines on Firewalls and Firewall Policy National Institute of Standards and Technology. ,(2002) , 10.6028/NIST.SP.800-41
Pierpaolo Degano, Francesca Levi, Chiara Bodei, Safe Ambients: Control Flow Analysis and Security Lecture Notes in Computer Science. pp. 199- 214 ,(2000) , 10.1007/3-540-44464-5_15
Flemming Nielson, Hanne Riis Nielson, René Rydhof Hansen, Jacob Grydholt Jensen, None, Validating Firewalls in Mobile Ambients CONCUR’99 Concurrency Theory. pp. 463- 477 ,(1999) , 10.1007/3-540-48320-9_32
Scott Hazelhurst, Algorithms for Analysing Firewall and Router Access Lists arXiv: Networking and Internet Architecture. ,(2000)
Andrew D. Gordon, Luca Cardelli, Equational Properties of Mobile Ambients foundations of software science and computation structure. pp. 212- 226 ,(1999) , 10.1007/3-540-49019-1_15
Y. Bartal, A. Mayer, K. Nissim, A. Wool, Firmato: a novel firewall management toolkit ieee symposium on security and privacy. pp. 17- 31 ,(1999) , 10.1109/SECPRI.1999.766714
Avishai Wool, Architecting the Lumeta firewall analyzer usenix security symposium. pp. 7- 7 ,(2001)
G. Ferrari, E. Moggi, R. Pugliese, Guardians for Ambient-Based Monitoring Electronic Notes in Theoretical Computer Science. ,vol. 66, pp. 52- 75 ,(2002) , 10.1016/S1571-0661(04)80416-X
Luca Cardelli, Andrew D. Gordon, Types for mobile ambients Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '99. pp. 79- 92 ,(1999) , 10.1145/292540.292550
J. Burns, A. Cheng, P. Gurung, S. Rajagopalan, P. Rao, D. Rosenbluth, A.V. Surendran, D.M. Martin, Automatic management of network security policy darpa information survivability conference and exposition. ,vol. 2, pp. 12- 26 ,(2001) , 10.1109/DISCEX.2001.932156