A Unified Methodology for Verification and Synthesis of Firewall Configurations
نویسندگان
چکیده
Firewalls offer a protection for private networks against external attacks. However, configuring firewalls correctly is a difficult task. There are two main reasons. One is that the effects of a firewall configuration cannot be easily seen during the configuration time. Another one is the lack of guidance to help configuring firewalls. In this paper, we propose a general and unified methodology for the verification and the synthesis of firewall configurations. Our verification methodology offers a way to foresee and analyze effects of firewall configurations during the configuration time. Furthermore, our synthesis methodology can generate firewall configurations that satisfies users' requirements. As a result, firewall configurations that are free of many kinds of errors and loopholes can be obtained easily.
منابع مشابه
Application of the XTT Rule-Based Model for Formal Design and Verification of Internet Security Systems
The paper presents a concept of support for the design and analysis of Internet security systems with a rule-based methodology. It considers a web security architecture, including a network and applicationlevel firewall with intrusion detection systems. The XTT methodology allows for hierarchical design, and on-line analysis of rule-based systems. It is applied using the Unified Firewall Model,...
متن کاملA Unified Firewall Model for Web Security
The paper presents a new formalization for firewall systems, called the Unified Firewall Model (UFM). It offers an abstraction over firewall implementations, and uses formal concepts of Rule-Based Systems to describe firewall syntax and semantics. It is backed by the XTT/ARD design methods. It allows for improving system quality, by introducing a formal verification during the design stage.
متن کاملA Unified Approach for Design of Lp Polynomial Algorithms
By summarizing Khachiyan's algorithm and Karmarkar's algorithm forlinear program (LP) a unified methodology for the design of polynomial-time algorithms for LP is presented in this paper. A key concept is the so-called extended binary search (EBS) algorithm introduced by the author. It is used as a unified model to analyze the complexities of the existing modem LP algorithms and possibly, help ...
متن کاملA graph theoretic model for hardware-based firewalls
Firewalls offer a protection for private networks against external attacks. However, Configuring firewalls is a difficult task. The reason in that the effects of a firewall configuration cannot be easily seen during the configuration time. As a result, errors and loopholes in firewall configurations, if exist are discovered only after they actually happen at the execution time. In this paper, w...
متن کاملA Methodology for Unified Assessment of Physical and Geographical Dependencies of Wide Area Measurement Systems in Smart Grids
Wide Area Measurement Systems (WAMS) enable real time monitoring and control of smart grids by combining digital measurement devices, communication and control systems. As WAMS consist of various infrastructures, they imply complex dependencies among their underlying systems and components of different types, such as cyber, physical and geographical dependencies. Although several works exist in...
متن کامل