Incorrect policy configurations are a major cause of security failures in large-scale systems. Policy analyzers and testing tools can help, but they are often specific to one type of policy (e.g., firewalls). In contrast, the most insidious security problems often require understanding the interactions of policies across systems (e.g., firewalls, SSH, and file systems). Currently, much of this analysis must be done manually. In this paper, we propose a common framework called SPAN (Security Policy Analyzer) to help analyze policies from heterogeneous systems. On the front end, SPAN presents administrators with a simple, unified abstraction and a flexible query language. Internally, policies and queries are implemented compactly and efficiently using decision diagrams.