Skip to Main content Skip to Navigation
Conference papers

Symbolic analysis of network security policies using rewrite systems

Tony Bourdier 1 Horatiu Cirstea 1 
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : First designed to enable private networks to be opened up to the outside world in a secure way, the growing complexity of organizations make firewalls indispensable to control information flow within a company. The central role they hold in the security of the organization information make their management a critical task and that is why for years many works have focused on checking and analyzing firewalls. The composition of firewalls, taking into account routing rules, has nevertheless often been neglected. In this paper, we propose to specify all components of a firewall, ie filtering and translation rules, as a rewrite system. We show that such specifications allow us to handle usual problems such as comparison, structural analysis and query analysis. We also propose a formal way to describe the composition of firewalls (including routing) in order to build a whole network security policy. The properties of the obtained rewrite system are strongly related to the properties of the specified networks and thus, classical theoretical and practical tools can be used to obtain relevant security properties of the security policies.
Complete list of metadata

Cited literature [27 references]  Display  Hide  Download
Contributor : Tony Bourdier Connect in order to contact the contributor
Submitted on : Wednesday, April 20, 2011 - 9:14:38 AM
Last modification on : Wednesday, February 2, 2022 - 3:51:20 PM
Long-term archiving on: : Thursday, November 8, 2012 - 4:55:15 PM


Files produced by the author(s)




Tony Bourdier, Horatiu Cirstea. Symbolic analysis of network security policies using rewrite systems. Symposium on Principles and Practices of Declarative Programming, Jul 2011, Odense, Denmark. pp.77-88, ⟨10.1145/2003476.2003489⟩. ⟨inria-00567858v2⟩



Record views


Files downloads