In recent years packet-filtering firewalls have seen some impressive technological advances (e.g., stateful inspection, transparency, performance) and widespread deployment. In contrast, firewall and security management technology is lacking. In this paper we present Firmato, a firewall management toolkit, with the following distinguishing properties and components: (1) an entity-relationship model containing, in a unified form, global knowledge of the security policy and of the network topology; (2) a model definition language, which we use as an interface to define an instance of the entity-relationship model; (3) a model compiler, translating the global knowledge of the model into firewall-specific configuration files; and (4) a graphical firewall rule illustrator. We implemented a prototype of our toolkit to work with several commercially available firewall products. This prototype was used to control an operational firewall for several months. We believe that our approach is an important step toward streamlining the process of configuring and managing firewalls, especially in complex, multi-firewall installations.