A Calculus for Distributed Firewall Specification and Verification

Authors:
Liviu Pene;Kamel Adi
Affiliations:
LRSI Group, Computer Science and Engineering Department, Université du Québec en Outaouais, Gatineau, Québec, Canada, penl01@uqo.ca, adi@uqo.ca;LRSI Group, Computer Science and Engineering Department, Université du Québec en Outaouais, Gatineau, Québec, Canada, penl01@uqo.ca, adi@uqo.ca
Venue:
Proceedings of the 2006 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the fifth SoMeT_06
Year:
2006

Citing 7
Cited 0

Types for mobile ambients

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Implementing a distributed firewall

Proceedings of the 7th ACM conference on Computer and communications security
Mobile Ambients

FoSSaCS '98 Proceedings of the First International Conference on Foundations of Software Science and Computation Structure
Filtering postures: local enforcement for global policies

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Using ambients to control resources

International Journal of Information Security - Special issue on security in global computing
Architecting the Lumeta firewall analyzer

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a firewall specification calculus suited for expressing security policies implemented in distributed firewalls. Our syntax and semantics, inspired from the ambient calculus, allow the specification of filtering rules for both single and distributed configurations. We show how our calculus can be used to address the problem of conflict detection and how our approach facilitates the analysis of the effect that network topologies have on distributed firewall policies.