Firewalls were first designed to enable private networks to be opened up to the outside world in a secure way; the growing complexity of organizations now makes them indispensable for controlling information flow within a company. The central role they hold in the security of an organization's information makes their management a critical task, which is why for years many works have focused on checking and analyzing firewalls. The composition of firewalls, taking into account routing rules, has nevertheless often been neglected. In this paper, we propose to specify all components of a firewall, i.e., filtering and translation rules, as a rewrite system. We show that such specifications allow us to handle usual problems such as comparison, structural analysis and query analysis. We also propose a formal way to describe the composition of firewalls (including routing) in order to build a whole network security policy. The properties of the obtained rewrite system are strongly related to the properties of the specified networks, and thus classical theoretical and practical tools can be used to obtain relevant security properties of the security policies.