Principles of database and knowledge-base systems, Vol. I
Principles of database and knowledge-base systems, Vol. I
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
A modular approach to composing access control policies
Proceedings of the 7th ACM conference on Computer and communications security
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Policy algebras for access control: the propositional case
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Routing design in operational networks: a look from the inside
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Conflict and combination in privacy policy languages
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Firmato: A novel firewall management toolkit
ACM Transactions on Computer Systems (TOCS)
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
An analysis of P3P-enabled web sites among top-20 search results
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
Rethinking enterprise network control
IEEE/ACM Transactions on Networking (TON)
HyperFlow: a distributed control plane for OpenFlow
INM/WREN'10 Proceedings of the 2010 internet network management conference on Research on enterprise networking
A declarative approach for secure and robust routing
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Agents, multi-agent systems and declarative programming: what, when, where, why, who, how?
A 25-year perspective on logic programming
Frenetic: a high-level language for OpenFlow networks
Proceedings of the Workshop on Programmable Routers for Extensible Services of Tomorrow
Declarative configuration management for complex and dynamic networks
Proceedings of the 6th International COnference
Onix: a distributed control platform for large-scale production networks
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Nettle: taking the sting out of programming network routers
PADL'11 Proceedings of the 13th international conference on Practical aspects of declarative languages
Frenetic: a network programming language
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Hot-ICE'12 Proceedings of the 2nd USENIX conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services
Hierarchical policies for software defined networks
Proceedings of the first workshop on Hot topics in software defined networks
Procera: a language for high-level reactive network control
Proceedings of the first workshop on Hot topics in software defined networks
Verification of computer switching networks: an overview
ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis
Machine-verified network controllers
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Composing software-defined networks
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Real time network policy checking using header space analysis
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Scalable rule management for data centers
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Participatory networking: an API for application control of SDNs
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
Maple: simplifying SDN programming using algorithmic policies
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
FatTire: declarative fault tolerance for software-defined networks
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
A balance of power: expressive, analyzable controller programming
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Managing the network with Merlin
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Tierless programming and reasoning for software-defined networks
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
We present Flow-based Management Language (FML), a declarative policy language for managing the configuration of enterprise networks. FML was designed to replace the many disparate configuration mechanisms traditionally used to enforce policies within the enterprise. These include ACLs, VLANs, NATs, policy-routing, and proprietary admission control systems. FML balances the desires to express policies naturally and enforce policies efficiently. We have implemented FML and have used it to manage multiple operational enterprise networks for over a year.