Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/SP.2006.16
- Scopus: eid_2-s2.0-33751028760
- Appears in Collections:
Conference Paper: FIREMAN: A toolkit for firewall modeling and analysis
Title | FIREMAN: A toolkit for firewall modeling and analysis |
---|---|
Authors | |
Issue Date | 2006 |
Citation | Proceedings - IEEE Symposium on Security and Privacy, 2006, v. 2006, p. 199-213 |
Abstract | Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security. However, misconfigurations in firewalls are very common and significantly weaken the desired security. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating firewall configurations as specialized programs, FIREMAN applies static analysis techniques to check misconfigurations, such as policy violations, inconsistencies, and inefficiencies, in individual firewalls as well as among distributed firewalls. FIREMAN performs symbolic model checking of the firewall configurations for all possible IP packets and along all possible datapaths. It is both sound and complete because of the finite state nature of firewall configurations. FIREMAN is implemented by modeling firewall rules using binary decision diagrams (BDDs), which have been used successfully in hardware verification and model checking. We have experimented with FIREMAN and used it to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks. © 2006 IEEE. |
Persistent Identifier | http://hdl.handle.net/10722/346538 |
ISSN | 1081-6011 (2020 SCImago Journal Rankings: 2.407) |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Yuan, Lihua | - |
dc.contributor.author | Chen, Hao | - |
dc.contributor.author | Mai, Jianning | - |
dc.contributor.author | Chuah, Chen Nee | - |
dc.contributor.author | Su, Zhendong | - |
dc.contributor.author | Mohapatra, Prasant | - |
dc.date.accessioned | 2024-09-17T04:11:35Z | - |
dc.date.available | 2024-09-17T04:11:35Z | - |
dc.date.issued | 2006 | - |
dc.identifier.citation | Proceedings - IEEE Symposium on Security and Privacy, 2006, v. 2006, p. 199-213 | - |
dc.identifier.issn | 1081-6011 | - |
dc.identifier.uri | http://hdl.handle.net/10722/346538 | - |
dc.description.abstract | Security concerns are becoming increasingly critical in networked systems. Firewalls provide important defense for network security. However, misconfigurations in firewalls are very common and significantly weaken the desired security. This paper introduces FIREMAN, a static analysis toolkit for firewall modeling and analysis. By treating firewall configurations as specialized programs, FIREMAN applies static analysis techniques to check misconfigurations, such as policy violations, inconsistencies, and inefficiencies, in individual firewalls as well as among distributed firewalls. FIREMAN performs symbolic model checking of the firewall configurations for all possible IP packets and along all possible datapaths. It is both sound and complete because of the finite state nature of firewall configurations. FIREMAN is implemented by modeling firewall rules using binary decision diagrams (BDDs), which have been used successfully in hardware verification and model checking. We have experimented with FIREMAN and used it to uncover several real misconfigurations in enterprise networks, some of which have been subsequently confirmed and corrected by the administrators of these networks. © 2006 IEEE. | - |
dc.language | eng | - |
dc.relation.ispartof | Proceedings - IEEE Symposium on Security and Privacy | - |
dc.title | FIREMAN: A toolkit for firewall modeling and analysis | - |
dc.type | Conference_Paper | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1109/SP.2006.16 | - |
dc.identifier.scopus | eid_2-s2.0-33751028760 | - |
dc.identifier.volume | 2006 | - |
dc.identifier.spage | 199 | - |
dc.identifier.epage | 213 | - |