Tree automata based semantics of firewalls

Tony Bourdier 1
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Security constitutes a crucial concern in modern information systems. Several aspects are involved, such as user authentication (establishing and verifying users' identity), cryptology (changing secrets into unintelligible messages and back to the original secrets after transmission) and security policies (preventing illicit or forbidden accesses from users to information). Firewalls are a core element of network security policies, that is why their analysis has drawn many attention over the past decade. In this paper, we propose a new approach for analyzing firewalls, based on tree automata techniques: we show that the semantics of any process composing a firewall (including the network address translation functionality) can be expressed as a regular set or relation and thus can be denoted by a tree automaton. We also investigate abilities opened by tree automata based representations of the semantics of firewalls.
Type de document :
Communication dans un congrès
6th International Conference on Network Architectures and Information Systems Security, 2011, La Rochelle, France. IEEE, pp.171--178, 2011, 〈http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5931363〉. 〈10.1109/SAR-SSI.2011.5931363〉
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00460462
Contributeur : Tony Bourdier <>
Soumis le : lundi 18 avril 2011 - 15:22:20
Dernière modification le : jeudi 11 janvier 2018 - 06:22:10
Document(s) archivé(s) le : samedi 3 décembre 2016 - 13:47:38

Fichier

hal.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Tony Bourdier. Tree automata based semantics of firewalls. 6th International Conference on Network Architectures and Information Systems Security, 2011, La Rochelle, France. IEEE, pp.171--178, 2011, 〈http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5931363〉. 〈10.1109/SAR-SSI.2011.5931363〉. 〈inria-00460462v3〉

Partager

Métriques

Consultations de la notice

233

Téléchargements de fichiers

165