@inproceedings(bandara2009using, author = "Arosha~K. Bandara and Antonis~C. Kakas and Emil~C. Lupu and Alessandra Russo", year = "2009", title = "Using argumentation logic for firewall configuration management", booktitle = "IFIP/IEEE International Symposium on Integrated Network Management", organization = "IEEE", pages = "180--187", doi = "10.1109/INM.2009.5188808", ) @inproceedings(bartal1999firmato, author = "Yair Bartal and Alain Mayer and Kobbi Nissim and Avishai Wool", year = "1999", title = "Firmato: A novel firewall management toolkit", booktitle = "IEEE Symposium on Security and Privacy", organization = "IEEE", pages = "17--31", doi = "10.1109/SECPRI.1999.766714", ) @book(bishop2003computer, author = "M.~Bishop", year = "2003", title = "Computer Security: Art and Science", publisher = "Addison-Wesley", ) @incollection(brucker2008modelfwisabelle, author = "Achim~D. Brucker and Lukas Br{\"u}gger and Burkhart Wolff", year = "2008", title = "Model-based Firewall Conformance Testing", booktitle = "Testing of Software and Communicating Systems", publisher = "Springer", pages = "103--118", doi = "10.1007/978-3-540-68524-1\_9", ) @incollection(brucker2013modelfwisabelle, author = "Achim~D. Brucker and Lukas Br\"{u}gger and Burkhart Wolff", year = "2013", title = "{HOL-TestGen/FW}: An Environment for Specification-based Firewall Conformance Testing", booktitle = "International Colloquium on Theoretical Aspects of Computing -- ICTAC 2013", series = "Lecture Notes in Computer Science", volume = "8049", publisher = "Springer Berlin Heidelberg", pages = "112--121", doi = "10.1007/978-3-642-00593-0\_28", ) @manual(bsi2013smartmeter, organization = "Bundesamt f\"{u}r Sicherheit in der Informationstechnik", year = "2013", title = "{Technische Richtlinie BSI TR-03109-1} -- Anforderungen an die Interoperabilit\"{a}t der Kommunikationseinheit eines intelligenten Messsystems", edition = "1.0", note = "\url {https://www.bsi.bund.de}", ) @inproceedings(diekmann2014forte, author = "Cornelius Diekmann and Stephan-A. Posselt and Heiko Niedermayer and Holger Kinkelin and Oliver Hanka and Georg Carle", year = "2014", title = "{Verifying Security Policies using Host Attributes}", booktitle = "Proc.\ FORTE", publisher = "Springer", address = "Berlin, Germany", url = "http://www.net.in.tum.de/pub/diekmann/forte14.pdf", note = "To appear", ) @inproceedings(Guttman:1997:FilteringPostures, author = "J.~D. Guttman", year = "1997", title = "Filtering postures: local enforcement for global policies", booktitle = "Proceedings of the 1997 IEEE Symposium on Security and Privacy", address = "Washington, DC, USA", doi = "10.1109/SECPRI.1997.601327", ) @article(guttman05rigorous, author = "Joshua~D. Guttman and Amy~L. Herzog", year = "2005", title = "Rigorous automated network security management", journal = "International Journal of Information Security", volume = "4", pages = "29--48", doi = "10.1007/s10207-004-0052-x", ) @article(hansen2012research, author = "Andrew H.~R. Hansen", year = "2012", title = "Protecting Critical Infrastructure", journal = "ASA Institute for Risk \& Innovation", pages = "1--12", note = "\url {http://anniesearle.com/web-services/Documents/ResearchNotes/ASA_ResearchNote_ProtectingCriticalInfrastructure_June2012.pdf}", ) @inproceedings(kazemian2012HSA, author = "Peyman Kazemian and George Varghese and Nick McKeown", year = "2012", title = "Header space analysis: static checking for networks", booktitle = "Networked Systems Design and Implementation", series = "NSDI'12", publisher = "USENIX", pages = "113--126", url = "https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/kazemian", ) @misc(databreach2009, author = "Jeremy Kirk", year = "2010", title = "Verizon: Data breaches often caused by configuration errors", howpublished = "networkworld", note = "\url {http://www.networkworld.com/news/2010/072910-verizon-data-breaches-often-caused.html}", ) @inproceedings(marmorstein2005itval, author = "Robert~M. Marmorstein and Phil Kearns", year = "2005", title = "A Tool for Automated iptables Firewall Analysis.", booktitle = "USENIX Annual Technical Conference, FREENIX Track", pages = "71--81", url = "https://www.usenix.org/legacy/publications/library/proceedings/usenix05/tech/freenix/full_papers/marmorstein/marmorstein.pdf", ) @inproceedings(marmorstein2006firewall, author = "Robert~M. Marmorstein and Phil Kearns", year = "2006", title = "Firewall Analysis with Policy-based Host Classification.", booktitle = "LISA", volume = "6", pages = "4--4", url = "http://usenix.org/event/lisa06/tech/full_papers/marmorstein/marmorstein.pdf", ) @book(isabelle2013, author = "Tobias Nipkow and Lawrence~C. Paulson and Markus Wenzel", year = "2002, last updated 2013", title = "Isabelle/HOL: A Proof Assistant for Higher-Order Logic", series = "LNCS", volume = "2283", publisher = "Springer", url = "http://isabelle.in.tum.de/doc/tutorial.pdf", ) @inproceedings(ou2005mulval, author = "Xinming Ou and Sudhakar Govindavajhala and Andrew~W Appel", year = "2005", title = "{MulVAL}: A logic-based network security analyzer", booktitle = "14th USENIX Security Symposium", pages = "113--128", url = "https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/ou/ou.pdf", ) @article(cspfirewall, author = "S.~Pozo and R.~Ceballos and R.~M. Gasca", year = "2007", title = "{CSP}-Based Firewall Rule Set Diagnosis using Security Policies", journal = "International Conference on Availability, Reliability and Security", pages = "723--729", doi = "10.1109/ARES.2007.63", ) @misc(iptables, author = "The netfilter.org project", title = "netfilter/iptables project", url = "http://www.netfilter.org/", ) @inproceedings(modelchecking2000, author = "R.W. Ritchey and P.~Ammann", year = "2000", title = "Using model checking to analyze network vulnerabilities", booktitle = "IEEE Symposium on Security and Privacy", pages = "156--165", doi = "10.1109/SECPRI.2000.848453", ) @article(sherry2012making, author = "Justine Sherry and Shaddi Hasan and Colin Scott and Arvind Krishnamurthy and Sylvia Ratnasamy and Vyas Sekar", year = "2012", title = "Making middleboxes someone else's problem: Network processing as a cloud service", journal = "ACM SIGCOMM Computer Communication Review", volume = "42", number = "4", pages = "13--24", doi = "10.1145/2377677.2377680", ) @inproceedings(tongaonkar2007inferring, author = "Alok Tongaonkar and Niranjan Inamdar and R~Sekar", year = "2007", title = "Inferring Higher Level Policies from Firewall Rules.", booktitle = "LISA", volume = "7", pages = "1--10", url = "https://www.usenix.org/legacy/event/lisa07/tech/full_papers/tongaonkar/tongaonkar.pdf", ) @misc(databreach2009src, author = "{Verizon Business RISK team} and {United States Secret Service}", year = "2010", title = "2010 Data Breach Investigations Report", note = "\url {http://www.verizonenterprise.com/resources/reports/rp_2010-DBIR-combined-reports_en_xg.pdf}", ) @article(firwallerr2004, author = "Avishai Wool", year = "2004", title = "A quantitative study of firewall configuration errors", journal = "Computer, IEEE", volume = "37", number = "6", pages = "62 -- 67", doi = "10.1109/MC.2004.2", ) @article(wool2004use, author = "Avishai Wool", year = "2004", title = "The use and usability of direction-based filtering in firewalls", journal = "Computers \& Security", volume = "23", number = "6", pages = "459--468", doi = "10.1016/j.cose.2004.02.003", ) @inproceedings(fireman2006, author = "Lihua Yuan and Hao Chen and Jianning Mai and Chen-Nee Chuah and Zhendong Su and P.~Mohapatra", year = "2006", title = "{FIREMAN}: a toolkit for firewall modeling and analysis", booktitle = "IEEE Symposium on Security and Privacy", pages = "199--213", doi = "10.1109/SP.2006.16", )