References

  1. Arosha K. Bandara, Antonis C. Kakas, Emil C. Lupu & Alessandra Russo (2009): Using argumentation logic for firewall configuration management. In: IFIP/IEEE International Symposium on Integrated Network Management. IEEE, pp. 180–187, doi:10.1109/INM.2009.5188808.
  2. Yair Bartal, Alain Mayer, Kobbi Nissim & Avishai Wool (1999): Firmato: A novel firewall management toolkit. In: IEEE Symposium on Security and Privacy. IEEE, pp. 17–31, doi:10.1109/SECPRI.1999.766714.
  3. M. Bishop (2003): Computer Security: Art and Science. Addison-Wesley.
  4. Achim D. Brucker, Lukas Brügger & Burkhart Wolff (2008): Model-based Firewall Conformance Testing. In: Testing of Software and Communicating Systems. Springer, pp. 103–118, doi:10.1007/978-3-540-68524-1_9.
  5. Achim D. Brucker, Lukas Brügger & Burkhart Wolff (2013): HOL-TestGen/FW: An Environment for Specification-based Firewall Conformance Testing. In: International Colloquium on Theoretical Aspects of Computing – ICTAC 2013, Lecture Notes in Computer Science 8049. Springer Berlin Heidelberg, pp. 112–121, doi:10.1007/978-3-642-00593-0_28.
  6. Bundesamt für Sicherheit in der Informationstechnik (2013): Technische Richtlinie BSI TR-03109-1 – Anforderungen an die Interoperabilität der Kommunikationseinheit eines intelligenten Messsystems, 1.0 edition. https://www.bsi.bund.de.
  7. Cornelius Diekmann, Stephan-A. Posselt, Heiko Niedermayer, Holger Kinkelin, Oliver Hanka & Georg Carle (2014): Verifying Security Policies using Host Attributes. In: Proc. FORTE. Springer, Berlin, Germany. Available at http://www.net.in.tum.de/pub/diekmann/forte14.pdf. To appear.
  8. J. D. Guttman (1997): Filtering postures: local enforcement for global policies. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, Washington, DC, USA, doi:10.1109/SECPRI.1997.601327.
  9. Joshua D. Guttman & Amy L. Herzog (2005): Rigorous automated network security management. International Journal of Information Security 4, pp. 29–48, doi:10.1007/s10207-004-0052-x.
  10. Andrew H. R. Hansen (2012): Protecting Critical Infrastructure. ASA Institute for Risk & Innovation, pp. 1–12. http://anniesearle.com/web-services/Documents/ResearchNotes/ASA_ResearchNote_ProtectingCriticalInfrastructure_June2012.pdf.
  11. Peyman Kazemian, George Varghese & Nick McKeown (2012): Header space analysis: static checking for networks. In: Networked Systems Design and Implementation, NSDI'12. USENIX, pp. 113–126. Available at https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/kazemian.
  12. Jeremy Kirk (2010): Verizon: Data breaches often caused by configuration errors. networkworld. http://www.networkworld.com/news/2010/072910-verizon-data-breaches-often-caused.html.
  13. Robert M. Marmorstein & Phil Kearns (2005): A Tool for Automated iptables Firewall Analysis. In: USENIX Annual Technical Conference, FREENIX Track, pp. 71–81. Available at https://www.usenix.org/legacy/publications/library/proceedings/usenix05/tech/freenix/full_papers/marmorstein/marmorstein.pdf.
  14. Robert M. Marmorstein & Phil Kearns (2006): Firewall Analysis with Policy-based Host Classification. In: LISA 6, pp. 4–4. Available at http://usenix.org/event/lisa06/tech/full_papers/marmorstein/marmorstein.pdf.
  15. Tobias Nipkow, Lawrence C. Paulson & Markus Wenzel (2002, last updated 2013): Isabelle/HOL: A Proof Assistant for Higher-Order Logic. LNCS 2283. Springer. Available at http://isabelle.in.tum.de/doc/tutorial.pdf.
  16. Xinming Ou, Sudhakar Govindavajhala & Andrew W Appel (2005): MulVAL: A logic-based network security analyzer. In: 14th USENIX Security Symposium, pp. 113–128. Available at https://www.usenix.org/legacy/publications/library/proceedings/sec05/tech/full_papers/ou/ou.pdf.
  17. S. Pozo, R. Ceballos & R. M. Gasca (2007): CSP-Based Firewall Rule Set Diagnosis using Security Policies. International Conference on Availability, Reliability and Security, pp. 723–729, doi:10.1109/ARES.2007.63.
  18. The netfilter.org project: netfilter/iptables project. Available at http://www.netfilter.org/.
  19. R.W. Ritchey & P. Ammann (2000): Using model checking to analyze network vulnerabilities. In: IEEE Symposium on Security and Privacy, pp. 156–165, doi:10.1109/SECPRI.2000.848453.
  20. Justine Sherry, Shaddi Hasan, Colin Scott, Arvind Krishnamurthy, Sylvia Ratnasamy & Vyas Sekar (2012): Making middleboxes someone else's problem: Network processing as a cloud service. ACM SIGCOMM Computer Communication Review 42(4), pp. 13–24, doi:10.1145/2377677.2377680.
  21. Alok Tongaonkar, Niranjan Inamdar & R Sekar (2007): Inferring Higher Level Policies from Firewall Rules. In: LISA 7, pp. 1–10. Available at https://www.usenix.org/legacy/event/lisa07/tech/full_papers/tongaonkar/tongaonkar.pdf.
  22. Verizon Business RISK team & United States Secret Service (2010): 2010 Data Breach Investigations Report. http://www.verizonenterprise.com/resources/reports/rp_2010-DBIR-combined-reports_en_xg.pdf.
  23. Avishai Wool (2004): A quantitative study of firewall configuration errors. Computer, IEEE 37(6), pp. 62–67, doi:10.1109/MC.2004.2.
  24. Avishai Wool (2004): The use and usability of direction-based filtering in firewalls. Computers & Security 23(6), pp. 459–468, doi:10.1016/j.cose.2004.02.003.
  25. Lihua Yuan, Hao Chen, Jianning Mai, Chen-Nee Chuah, Zhendong Su & P. Mohapatra (2006): FIREMAN: a toolkit for firewall modeling and analysis. In: IEEE Symposium on Security and Privacy, pp. 199–213, doi:10.1109/SP.2006.16.
