We describe ITVal, a tool that enables the efficient analysis of an iptables-based firewall. The underlying basis of ITVal is a library for the efficient manipulation of multi-way decision diagrams. We represent iptables rule sets and queries about the firewall defined by those rule sets as multi-way decision diagrams, and determine answers for the queries by manipulating the diagrams. In addition to discussing the design and implementation of ITVal, we describe how it can be used to detect and correct common firewall errors.