Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Model checking
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fang: A Firewall Analysis Engine
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Bridging the gap between web application firewalls and web applications
Proceedings of the fourth ACM workshop on Formal methods in security
Formal correctness of conflict detection for firewalls
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Information Systems Security
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
Automatic Enforcement of Security in Computer Networks
Proceedings of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07
A formal logic approach to firewall packet filtering analysis and generation
Artificial Intelligence Review
Using argumentation logic for firewall configuration management
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Formal Verification of Security Policy Implementations in Enterprise Networks
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Managing intrusion detection rule sets
Proceedings of the Third European Workshop on System Security
Generating policy based security implementation in enterprise network: a formal framework
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Comparison model and algorithm for distributed firewall policy
ICIC'06 Proceedings of the 2006 international conference on Intelligent computing: Part II
Using argumentation logic for firewall policy specification and analysis
DSOM'06 Proceedings of the 17th IFIP/IEEE international conference on Distributed Systems: operations and management
A Systematic Survey of Self-Protecting Software Systems
ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012
| Hi-index | 0.00 |
Given a network that deploys multiple firewalls and network intrusion detection systems (NIDSs), ensuring that these security components are correctly configured is a challenging problem. Although models have been developed to reason independently about the effectiveness of firewalls and NIDSs, there is no common framework to analyze their interaction. This paper presents an integrated, constraint-based approach for modeling and reasoning about these configurations. Our approach considers the dependencies among the two types of components, and can reason automatically about their combined behavior. We have developed a tool for the specification and verification of networks that include multiple firewalls and NIDSs, based on this approach. This tool can also be used to automatically generate NIDS configurations that are optimal relative to a given cost function.