Formal analysis of firewalls using tree automata techniques
Résumé
Since the late 80s, firewalls are at the heart of network security. First designed to enable private networks to be opened up to the outside in a secure way, the growing complexity of organizations make them indispensable to control information flow within a company. The central role of firewalls in the security of the organization information make their management a critical task. That is why for years many works have focused on checking and analysing firewalls. In this paper, we propose a new approach for analysing firewalls, based on tree automata techniques: we show that tree automata provide a way to compare firewalls and to perform all usual analysis of firewalls (including the network address translation (NAT) functionality) in a unique formalism.
Origine : Fichiers produits par l'(les) auteur(s)