Application of the XTT Rule-Based Model for Formal Design and Verification of Internet Security Systems
نویسنده
چکیده
The paper presents a concept of support for the design and analysis of Internet security systems with a rule-based methodology. It considers a web security architecture, including a network and applicationlevel firewall with intrusion detection systems. The XTT methodology allows for hierarchical design, and on-line analysis of rule-based systems. It is applied using the Unified Firewall Model, allowing for implementationagnostic formal design and verification of firewalls. UFM extension aimed at integration with ModSecurity HTTP firewall are introduced.
منابع مشابه
A Unified Firewall Model for Web Security
The paper presents a new formalization for firewall systems, called the Unified Firewall Model (UFM). It offers an abstraction over firewall implementations, and uses formal concepts of Rule-Based Systems to describe firewall syntax and semantics. It is backed by the XTT/ARD design methods. It allows for improving system quality, by introducing a formal verification during the design stage.
متن کاملA short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملGSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Machine to machine (M2M) communication, which is also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication, is handling massive heterogeneous devices with low network overheads and high security guarantees. Hence, v...
متن کاملProlog-Based Analysis of Tabular Rule-Based Systems with XTT Approach
This paper presents a new approach to the issue of assuring rule-based systems (RBS) correctness. The principal idea is that verification should be performed on-line, incrementally, during system design. It allows for early detection and handling of knowledge base anomalies and inconsistencies by incorporating a formal Prolog-based analysis of RBS in the design phase. A formal concept of a desi...
متن کامل