Design and validation of computer protocols
Design and validation of computer protocols
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Graph theory and its applications
Graph theory and its applications
Building Internet Firewalls
A Graph Theoretic Model for Hardware-based Firewalls
ICON '01 Proceedings of the 9th IEEE International Conference on Networks
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Hi-index | 0.00 |
Firewalls offer a protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task. There are two main reasons. One is that the effects of a firewall configuration cannot be easily seen during the configuration time. Another one is the lack of guidance to help configuring firewalls. In this paper, we propose a general and unified methodology for the verification and the synthesis of firewall configurations. Our verification methodology offers a way to foresee and analyze effects of firewall configurations during the configuration time. Furthermore, our synthesis methodology can generate firewall configurations that satisfies users' requirements. As a result, firewall configurations that are free of many kinds of errors and loopholes can be obtained easily.